From 80e67e07638ccbe13841c0f8daeff4afbd7f7621 Mon Sep 17 00:00:00 2001
From: Pradeep Agrawal
Date: Fri, 8 Sep 2023 14:47:35 +0530
Subject: [PATCH] RANGER-4382: Improve exportCSV download time
Change-Id: Iafd2754259a5c158b0faed54a410f659cd9c1f8d
---
 .../org/apache/ranger/biz/ServiceDBStore.java | 1028 ++++++++---------
 .../org/apache/ranger/rest/ServiceREST.java | 49 +-
 2 files changed, 519 insertions(+), 558 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 036dbfec67..84b096e9bb 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -4080,8 +4080,7 @@ private boolean isResourceInList(String resource, List xResourceD
 return false; }
- private void writeExcel(List policies, String excelFileName,
- HttpServletResponse response) throws IOException {
+ private void writeExcel(List policies, String excelFileName, HttpServletResponse response) throws IOException {
 Workbook workbook = null; OutputStream outStream = null; try {
@@ -4090,86 +4089,71 @@ private void writeExcel(List policies, String excelFileName, createHeaderRow(sheet); int rowCount = 0; if (!CollectionUtils.isEmpty(policies)) { + Map svcNameToSvcType = new HashMap<>(); for (RangerPolicy policy : policies) { - List policyItems = policy - .getPolicyItems(); - List rowFilterPolicyItems = policy - .getRowFilterPolicyItems(); - List dataMaskPolicyItems = policy - .getDataMaskPolicyItems(); - List allowExceptions = policy - .getAllowExceptions(); - List denyExceptions = policy - .getDenyExceptions(); - List denyPolicyItems = policy - .getDenyPolicyItems(); - XXService xxservice = daoMgr.getXXService().findByName( - policy.getService()); - String serviceType = ""; - if (xxservice != null) { - Long ServiceId = xxservice.getType(); - XXServiceDef xxservDef = daoMgr.getXXServiceDef() - .getById(ServiceId); - if (xxservDef != null) { - serviceType = xxservDef.getName(); - } - } + List policyItems = policy.getPolicyItems(); + List rowFilterPolicyItems = policy.getRowFilterPolicyItems(); + List dataMaskPolicyItems = policy.getDataMaskPolicyItems(); + List allowExceptions = policy.getAllowExceptions(); + List denyExceptions = policy.getDenyExceptions(); + List denyPolicyItems = policy.getDenyPolicyItems(); + + String serviceType = policy.getServiceType(); + if (StringUtils.isBlank(serviceType)) { + serviceType = svcNameToSvcType.get(policy.getService()); + if (StringUtils.isBlank(serviceType)) { + serviceType = daoMgr.getXXServiceDef().findServiceDefTypeByServiceName(policy.getService()); + if (StringUtils.isNotBlank(serviceType)) { + svcNameToSvcType.put(policy.getService(), serviceType); + } + } + } + if (CollectionUtils.isNotEmpty(policyItems)) { for (RangerPolicyItem policyItem : policyItems) { Row row = sheet.createRow(++rowCount); - writeBookForPolicyItems(policy, policyItem, null, - null, row, POLICY_ALLOW_INCLUDE); + writeBookForPolicyItems(svcNameToSvcType, policy, policyItem, null, null, row, POLICY_ALLOW_INCLUDE); } } else if 
(CollectionUtils.isNotEmpty(dataMaskPolicyItems)) { for (RangerDataMaskPolicyItem dataMaskPolicyItem : dataMaskPolicyItems) { Row row = sheet.createRow(++rowCount); - writeBookForPolicyItems(policy, null, - dataMaskPolicyItem, null, row, - null); + writeBookForPolicyItems(svcNameToSvcType, policy, null, dataMaskPolicyItem, null, row, null); } } else if (CollectionUtils.isNotEmpty(rowFilterPolicyItems)) { for (RangerRowFilterPolicyItem rowFilterPolicyItem : rowFilterPolicyItems) { Row row = sheet.createRow(++rowCount); - writeBookForPolicyItems(policy, null, null, - rowFilterPolicyItem, row, - null); + writeBookForPolicyItems(svcNameToSvcType, policy, null, null, rowFilterPolicyItem, row, null); } - } else if (serviceType - .equalsIgnoreCase(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) { + } else if (serviceType.equalsIgnoreCase(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) { if (CollectionUtils.isEmpty(policyItems)) { Row row = sheet.createRow(++rowCount); RangerPolicyItem policyItem = new RangerPolicyItem(); - writeBookForPolicyItems(policy, policyItem, null, - null, row, POLICY_ALLOW_INCLUDE); + writeBookForPolicyItems(svcNameToSvcType, policy, policyItem, null, null, row, POLICY_ALLOW_INCLUDE); } } else if (CollectionUtils.isEmpty(policyItems)) { Row row = sheet.createRow(++rowCount); RangerPolicyItem policyItem = new RangerPolicyItem(); - writeBookForPolicyItems(policy, policyItem, null, null, - row, POLICY_ALLOW_INCLUDE); + writeBookForPolicyItems(svcNameToSvcType, policy, policyItem, null, null, row, POLICY_ALLOW_INCLUDE); } if (CollectionUtils.isNotEmpty(allowExceptions)) { for (RangerPolicyItem policyItem : allowExceptions) { Row row = sheet.createRow(++rowCount); - writeBookForPolicyItems(policy, policyItem, null, - null, row, POLICY_ALLOW_EXCLUDE); + writeBookForPolicyItems(svcNameToSvcType, policy, policyItem, null, null, row, POLICY_ALLOW_EXCLUDE); } } if (CollectionUtils.isNotEmpty(denyExceptions)) { for (RangerPolicyItem policyItem 
: denyExceptions) { Row row = sheet.createRow(++rowCount); - writeBookForPolicyItems(policy, policyItem, null, - null, row, POLICY_DENY_EXCLUDE); + writeBookForPolicyItems(svcNameToSvcType, policy, policyItem, null, null, row, POLICY_DENY_EXCLUDE); } } if (CollectionUtils.isNotEmpty(denyPolicyItems)) { for (RangerPolicyItem policyItem : denyPolicyItems) { Row row = sheet.createRow(++rowCount); - writeBookForPolicyItems(policy, policyItem, null, - null, row, POLICY_DENY_INCLUDE); + writeBookForPolicyItems(svcNameToSvcType, policy, policyItem, null, null, row, POLICY_DENY_INCLUDE); } - } + } } } ByteArrayOutputStream outByteStream = new ByteArrayOutputStream(); @@ -4178,8 +4162,7 @@ private void writeExcel(List policies, String excelFileName, response.setContentType("application/ms-excel"); response.setContentLength(outArray.length); response.setHeader("Expires:", "0"); - response.setHeader("Content-Disposition", "attachment; filename=" - + excelFileName); + response.setHeader("Content-Disposition", "attachment; filename=" + excelFileName); response.setStatus(HttpServletResponse.SC_OK); outStream = response.getOutputStream(); outStream.write(outArray); 
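Review bot: `serviceType` can be null when it reaches `} else if (serviceType.equalsIgnoreCase(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {` in writeExcel: the removed code started from `""`, while the new code takes `policy.getServiceType()`, then the map, then `findServiceDefTypeByServiceName(...)`, and nothing in the hunk guarantees that the last lookup returns a value for an unknown service name. A policy with no policy, data-mask or row-filter items would then abort the whole export with a NullPointerException. Putting the constant first, `} else if (EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME.equalsIgnoreCase(serviceType)) {`, restores the old behaviour; writeCSV in the `@@ -4198,355 +4181,321 @@` hunk has the same branch and needs the same change. Failed lookups are also never stored in `svcNameToSvcType`, so each policy of such a service repeats the query. writeExcel starts before this hunk and continues past it.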
@@ -4198,355 +4181,321 @@ private void writeExcel(List policies, String excelFileName, } } - private StringBuilder writeCSV(List policies, - String cSVFileName, HttpServletResponse response) { + private StringBuilder writeCSV(List policies, String cSVFileName, HttpServletResponse response) { response.setContentType("text/csv"); final String LINE_SEPARATOR = "\n"; - final String FILE_HEADER = "ID|Name|Resources|Roles|Groups|Users|Accesses|Service Type|Status|Policy Type|Delegate Admin|isRecursive|" - + "isExcludes|Service Name|Description|isAuditEnabled|Policy Conditions|Policy Condition Type|Masking Options|Row Filter Expr|Policy Label Name"; + final String FILE_HEADER = "ID|Name|Resources|Roles|Groups|Users|Accesses|Service Type|Status|Policy Type|Delegate Admin|isRecursive|" + + "isExcludes|Service Name|Description|isAuditEnabled|Policy Conditions|Policy Condition Type|Masking Options|Row Filter Expr|Policy Label Name"; StringBuilder csvBuffer = new StringBuilder(); csvBuffer.append(FILE_HEADER); csvBuffer.append(LINE_SEPARATOR); - if (!CollectionUtils.isEmpty(policies)) { - for (RangerPolicy policy : policies) { - List policyItems = policy.getPolicyItems(); - List rowFilterPolicyItems = policy - .getRowFilterPolicyItems(); - List dataMaskPolicyItems = policy - .getDataMaskPolicyItems(); - List allowExceptions = policy - .getAllowExceptions(); - List denyExceptions = policy - .getDenyExceptions(); - List denyPolicyItems = policy - .getDenyPolicyItems(); - XXService xxservice = daoMgr.getXXService().findByName( - policy.getService()); - String serviceType = ""; - if (xxservice != null) { - Long ServiceId = xxservice.getType(); - XXServiceDef xxservDef = daoMgr.getXXServiceDef().getById( - ServiceId); - if (xxservDef != null) { - serviceType = xxservDef.getName(); + if (!CollectionUtils.isEmpty(policies)) { + Map svcNameToSvcType = new HashMap<>(); + for (RangerPolicy policy : policies) { + List policyItems = policy.getPolicyItems(); + List rowFilterPolicyItems = 
policy.getRowFilterPolicyItems(); + List dataMaskPolicyItems = policy.getDataMaskPolicyItems(); + List allowExceptions = policy.getAllowExceptions(); + List denyExceptions = policy.getDenyExceptions(); + List denyPolicyItems = policy.getDenyPolicyItems(); + + String serviceType = policy.getServiceType(); + if (StringUtils.isBlank(serviceType)) { + serviceType = svcNameToSvcType.get(policy.getService()); + if (StringUtils.isBlank(serviceType)) { + serviceType = daoMgr.getXXServiceDef().findServiceDefTypeByServiceName(policy.getService()); + if (StringUtils.isNotBlank(serviceType)) { + svcNameToSvcType.put(policy.getService(), serviceType); + } } } - if (CollectionUtils.isNotEmpty(policyItems)) { + + if (CollectionUtils.isNotEmpty(policyItems)) { for (RangerPolicyItem policyItem : policyItems) { - writeCSVForPolicyItems(policy, policyItem, null, null, - csvBuffer, POLICY_ALLOW_INCLUDE); + writeCSVForPolicyItems(svcNameToSvcType, policy, policyItem, null, null, csvBuffer, POLICY_ALLOW_INCLUDE); } - } else if (CollectionUtils.isNotEmpty(dataMaskPolicyItems)) { - for (RangerDataMaskPolicyItem dataMaskPolicyItem : dataMaskPolicyItems) { - writeCSVForPolicyItems(policy, null, - dataMaskPolicyItem, null, csvBuffer, - null); - } - } else if (CollectionUtils.isNotEmpty(rowFilterPolicyItems)) { - for (RangerRowFilterPolicyItem rowFilterPolicyItem : rowFilterPolicyItems) { - writeCSVForPolicyItems(policy, null, null, - rowFilterPolicyItem, csvBuffer, - null); - } - } else if (serviceType - .equalsIgnoreCase(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) { - if (CollectionUtils.isEmpty(policyItems)) { - RangerPolicyItem policyItem = new RangerPolicyItem(); - writeCSVForPolicyItems(policy, policyItem, null, null, - csvBuffer, POLICY_ALLOW_INCLUDE); - } - } else if (CollectionUtils.isEmpty(policyItems)) { - RangerPolicyItem policyItem = new RangerPolicyItem(); - writeCSVForPolicyItems(policy, policyItem, null, null, - csvBuffer, POLICY_ALLOW_INCLUDE); - } - if 
(CollectionUtils.isNotEmpty(allowExceptions)) { - for (RangerPolicyItem policyItem : allowExceptions) { - writeCSVForPolicyItems(policy, policyItem, null, null, - csvBuffer, POLICY_ALLOW_EXCLUDE); + } else if (CollectionUtils.isNotEmpty(dataMaskPolicyItems)) { + for (RangerDataMaskPolicyItem dataMaskPolicyItem : dataMaskPolicyItems) { + writeCSVForPolicyItems(svcNameToSvcType, policy, null, dataMaskPolicyItem, null, csvBuffer, null); + } + } else if (CollectionUtils.isNotEmpty(rowFilterPolicyItems)) { + for (RangerRowFilterPolicyItem rowFilterPolicyItem : rowFilterPolicyItems) { + writeCSVForPolicyItems(svcNameToSvcType, policy, null, null, rowFilterPolicyItem, csvBuffer, null); + } + } else if (serviceType.equalsIgnoreCase(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) { + if (CollectionUtils.isEmpty(policyItems)) { + RangerPolicyItem policyItem = new RangerPolicyItem(); + writeCSVForPolicyItems(svcNameToSvcType, policy, policyItem, null, null, csvBuffer, POLICY_ALLOW_INCLUDE); } + } else if (CollectionUtils.isEmpty(policyItems)) { + RangerPolicyItem policyItem = new RangerPolicyItem(); + writeCSVForPolicyItems(svcNameToSvcType, policy, policyItem, null, null, csvBuffer, POLICY_ALLOW_INCLUDE); } - if (CollectionUtils.isNotEmpty(denyExceptions)) { - for (RangerPolicyItem policyItem : denyExceptions) { - writeCSVForPolicyItems(policy, policyItem, null, null, - csvBuffer, POLICY_DENY_EXCLUDE); + if (CollectionUtils.isNotEmpty(allowExceptions)) { + for (RangerPolicyItem policyItem : allowExceptions) { + writeCSVForPolicyItems(svcNameToSvcType, policy, policyItem, null, null, csvBuffer, POLICY_ALLOW_EXCLUDE); } - } - if (CollectionUtils.isNotEmpty(denyPolicyItems)) { - for (RangerPolicyItem policyItem : denyPolicyItems) { - writeCSVForPolicyItems(policy, policyItem, null, null, - csvBuffer, POLICY_DENY_INCLUDE); - } - } - } - } - response.setHeader("Content-Disposition", "attachment; filename=" - + cSVFileName); + } + if 
(CollectionUtils.isNotEmpty(denyExceptions)) { + for (RangerPolicyItem policyItem : denyExceptions) { + writeCSVForPolicyItems(svcNameToSvcType, policy, policyItem, null, null, csvBuffer, POLICY_DENY_EXCLUDE); + } + } + if (CollectionUtils.isNotEmpty(denyPolicyItems)) { + for (RangerPolicyItem policyItem : denyPolicyItems) { + writeCSVForPolicyItems(svcNameToSvcType, policy, policyItem, null, null, csvBuffer, POLICY_DENY_INCLUDE); + } + } + } + } + response.setHeader("Content-Disposition", "attachment; filename=" + cSVFileName); response.setStatus(HttpServletResponse.SC_OK); return csvBuffer; } - private void writeCSVForPolicyItems(RangerPolicy policy, - RangerPolicyItem policyItem, - RangerDataMaskPolicyItem dataMaskPolicyItem, - RangerRowFilterPolicyItem rowFilterPolicyItem, - StringBuilder csvBuffer, String policyConditionType) { - if (LOG.isDebugEnabled()) { - // To avoid PMD violation - LOG.debug("policyConditionType:[" + policyConditionType + "]"); - } - final String COMMA_DELIMITER = "|"; - final String LINE_SEPARATOR = "\n"; - List roles = new ArrayList(); - List groups = new ArrayList(); - List users = new ArrayList(); - String roleNames = ""; - String groupNames = ""; - String userNames = ""; - String policyLabelName = ""; - String accessType = ""; - String policyStatus = ""; - String policyType = ""; - Boolean delegateAdmin = false; - String isRecursive = ""; - String isExcludes = ""; - String serviceName = ""; - String description = ""; - Boolean isAuditEnabled = true; - String isExcludesValue = ""; - String maskingInfo = ""; - List accesses = new ArrayList(); - List conditionsList = new ArrayList(); - String conditionKeyValue = ""; - String resValue = ""; - String resourceKeyVal = ""; - String isRecursiveValue = ""; - String resKey = ""; - String ServiceType = ""; - String filterExpr = ""; - String policyName = ""; - List policyLabels = new ArrayList(); - String policyConditionTypeValue = ""; - serviceName = policy.getService(); - description = 
policy.getDescription(); - isAuditEnabled = policy.getIsAuditEnabled(); - policyLabels = policy.getPolicyLabels(); - StringBuffer sb = new StringBuffer(); - StringBuffer sbIsRecursive = new StringBuffer(); - StringBuffer sbIsExcludes = new StringBuffer(); - Map resources = policy.getResources(); - RangerPolicy.RangerPolicyItemDataMaskInfo dataMaskInfo = new RangerPolicy.RangerPolicyItemDataMaskInfo(); - RangerPolicy.RangerPolicyItemRowFilterInfo filterInfo = new RangerPolicy.RangerPolicyItemRowFilterInfo(); - policyName = policy.getName(); - policyName = policyName.replace("|", ""); - if (resources != null) { - for (Entry resource : resources - .entrySet()) { - resKey = resource.getKey(); - RangerPolicyResource policyResource = resource.getValue(); - List resvalueList = policyResource.getValues(); - isExcludes = policyResource.getIsExcludes().toString(); - isRecursive = policyResource.getIsRecursive().toString(); - resValue = resvalueList.toString(); - sb = sb.append(resourceKeyVal).append(" ").append(resKey) - .append("=").append(resValue); - sbIsExcludes = sbIsExcludes.append(resourceKeyVal).append(" ") - .append(resKey).append("=[").append(isExcludes) - .append("]"); - sbIsRecursive = sbIsRecursive.append(resourceKeyVal) - .append(" ").append(resKey).append("=[") - .append(isRecursive).append("]"); - } - isExcludesValue = sbIsExcludes.toString(); - isExcludesValue = isExcludesValue.substring(1); - isRecursiveValue = sbIsRecursive.toString(); - isRecursiveValue = isRecursiveValue.substring(1); - resourceKeyVal = sb.toString(); - resourceKeyVal = resourceKeyVal.substring(1); - if (policyItem != null && dataMaskPolicyItem == null - && rowFilterPolicyItem == null) { - roles = policyItem.getRoles(); - groups = policyItem.getGroups(); - users = policyItem.getUsers(); - accesses = policyItem.getAccesses(); - delegateAdmin = policyItem.getDelegateAdmin(); - conditionsList = policyItem.getConditions(); - } else if (dataMaskPolicyItem != null && policyItem == null - && 
rowFilterPolicyItem == null) { - roles = dataMaskPolicyItem.getRoles(); - groups = dataMaskPolicyItem.getGroups(); - users = dataMaskPolicyItem.getUsers(); - accesses = dataMaskPolicyItem.getAccesses(); - delegateAdmin = dataMaskPolicyItem.getDelegateAdmin(); - conditionsList = dataMaskPolicyItem.getConditions(); - dataMaskInfo = dataMaskPolicyItem.getDataMaskInfo(); - String dataMaskType = dataMaskInfo.getDataMaskType(); - String conditionExpr = dataMaskInfo.getConditionExpr(); - String valueExpr = dataMaskInfo.getValueExpr(); - maskingInfo = "dataMasktype=[" + dataMaskType + "]"; - if (conditionExpr != null && !conditionExpr.isEmpty() - && valueExpr != null && !valueExpr.isEmpty()) { - maskingInfo = maskingInfo + "; conditionExpr=[" - + conditionExpr + "]"; - } - } else if (rowFilterPolicyItem != null && policyItem == null - && dataMaskPolicyItem == null) { - roles = rowFilterPolicyItem.getRoles(); - groups = rowFilterPolicyItem.getGroups(); - users = rowFilterPolicyItem.getUsers(); - accesses = rowFilterPolicyItem.getAccesses(); - delegateAdmin = rowFilterPolicyItem.getDelegateAdmin(); - conditionsList = rowFilterPolicyItem.getConditions(); - filterInfo = rowFilterPolicyItem.getRowFilterInfo(); - filterExpr = filterInfo.getFilterExpr(); - } - if (CollectionUtils.isNotEmpty(accesses)) { - for (RangerPolicyItemAccess access : accesses) { - if (access != null) { - accessType = accessType + access.getType().replace("#", "").replace("|", "") + "#"; - } - } - if (accessType.length() > 0) { - accessType = accessType.substring(0, accessType.lastIndexOf("#")); - } - } - if (CollectionUtils.isNotEmpty(roles)) { - for (String role : roles) { - if (StringUtils.isNotBlank(role)) { - role = role.replace("|", ""); - role = role.replace("#", ""); - roleNames = roleNames + role + "#"; - } - } - if (roleNames.length() > 0) { - roleNames = roleNames.substring(0, roleNames.lastIndexOf("#")); - } - } - if (CollectionUtils.isNotEmpty(groups)) { - for (String group : groups) { - if 
(StringUtils.isNotBlank(group)) { - group = group.replace("|", ""); - group = group.replace("#", ""); - groupNames = groupNames + group + "#"; - } - } - if (groupNames.length() > 0) { - groupNames = groupNames.substring(0, groupNames.lastIndexOf("#")); - } - } - if (CollectionUtils.isNotEmpty(users)) { - for (String user : users) { - if (StringUtils.isNotBlank(user)) { - user = user.replace("|", ""); - user = user.replace("#", ""); - userNames = userNames + user + "#"; - } - } - if (userNames.length() > 0) { - userNames = userNames.substring(0, userNames.lastIndexOf("#")); - } - } - String conditionValue = ""; - for (RangerPolicyItemCondition conditions : conditionsList) { - String conditionType = conditions.getType(); - List conditionList = conditions.getValues(); - conditionValue = conditionList.toString(); - conditionKeyValue = conditionType + "=" + conditionValue; - } - XXService xxservice = daoMgr.getXXService().findByName( - policy.getService()); - if (xxservice != null) { - Long ServiceId = xxservice.getType(); - XXServiceDef xxservDef = daoMgr.getXXServiceDef().getById( - ServiceId); - if (xxservDef != null) { - ServiceType = xxservDef.getName(); - } - } - } - if (policyConditionType != null) { - policyConditionTypeValue = policyConditionType; - } - if (policyConditionType == null && ServiceType.equalsIgnoreCase("tag")) { - policyConditionTypeValue = POLICY_ALLOW_INCLUDE; - } else if (policyConditionType == null) { - policyConditionTypeValue = ""; - } - if (policy.getIsEnabled()) { - policyStatus = "Enabled"; - } else { - policyStatus = "Disabled"; - } - int policyTypeInt = policy.getPolicyType(); - switch (policyTypeInt) { - case RangerPolicy.POLICY_TYPE_ACCESS: - policyType = POLICY_TYPE_ACCESS; - break; - case RangerPolicy.POLICY_TYPE_DATAMASK: - policyType = POLICY_TYPE_DATAMASK; - break; - case RangerPolicy.POLICY_TYPE_ROWFILTER: - policyType = POLICY_TYPE_ROWFILTER; - break; - } - if (CollectionUtils.isNotEmpty(policyLabels)) { - for (String 
policyLabel : policyLabels) { - if (StringUtils.isNotBlank(policyLabel)) { - policyLabel = policyLabel.replace("|", ""); - policyLabel = policyLabel.replace("#", ""); - policyLabelName = policyLabelName + policyLabel + "#"; - } + private void writeCSVForPolicyItems(Map svcNameToSvcType, RangerPolicy policy, RangerPolicyItem policyItem, RangerDataMaskPolicyItem dataMaskPolicyItem, RangerRowFilterPolicyItem rowFilterPolicyItem, StringBuilder csvBuffer, String policyConditionType) { + if (LOG.isDebugEnabled()) { + LOG.debug("policyConditionType:[" + policyConditionType + "]"); + } + final String COMMA_DELIMITER = "|"; + final String LINE_SEPARATOR = "\n"; + List roles = new ArrayList(); + List groups = new ArrayList(); + List users = new ArrayList(); + String roleNames = ""; + String groupNames = ""; + String userNames = ""; + String policyLabelName = ""; + String accessType = ""; + String policyStatus = ""; + String policyType = ""; + Boolean delegateAdmin = false; + String isRecursive = ""; + String isExcludes = ""; + String serviceName = ""; + String description = ""; + Boolean isAuditEnabled = true; + String isExcludesValue = ""; + String maskingInfo = ""; + List accesses = new ArrayList(); + List conditionsList = new ArrayList(); + String conditionKeyValue = ""; + String resValue = ""; + String resourceKeyVal = ""; + String isRecursiveValue = ""; + String resKey = ""; + String ServiceType = ""; + String filterExpr = ""; + String policyName = ""; + List policyLabels = new ArrayList(); + String policyConditionTypeValue = ""; + serviceName = policy.getService(); + description = policy.getDescription(); + isAuditEnabled = policy.getIsAuditEnabled(); + policyLabels = policy.getPolicyLabels(); + StringBuffer sb = new StringBuffer(); + StringBuffer sbIsRecursive = new StringBuffer(); + StringBuffer sbIsExcludes = new StringBuffer(); + Map resources = policy.getResources(); + RangerPolicy.RangerPolicyItemDataMaskInfo dataMaskInfo = new 
RangerPolicy.RangerPolicyItemDataMaskInfo(); + RangerPolicy.RangerPolicyItemRowFilterInfo filterInfo = new RangerPolicy.RangerPolicyItemRowFilterInfo(); + policyName = policy.getName(); + policyName = policyName.replace("|", ""); + if (resources != null) { + for (Entry resource : resources.entrySet()) { + resKey = resource.getKey(); + RangerPolicyResource policyResource = resource.getValue(); + List resvalueList = policyResource.getValues(); + isExcludes = policyResource.getIsExcludes().toString(); + isRecursive = policyResource.getIsRecursive().toString(); + resValue = resvalueList.toString(); + sb = sb.append(resourceKeyVal).append(" ").append(resKey).append("=").append(resValue); + sbIsExcludes = sbIsExcludes.append(resourceKeyVal).append(" ").append(resKey).append("=[").append(isExcludes).append("]"); + sbIsRecursive = sbIsRecursive.append(resourceKeyVal).append(" ").append(resKey).append("=[").append(isRecursive).append("]"); + } + isExcludesValue = sbIsExcludes.toString(); + isExcludesValue = isExcludesValue.substring(1); + isRecursiveValue = sbIsRecursive.toString(); + isRecursiveValue = isRecursiveValue.substring(1); + resourceKeyVal = sb.toString(); + resourceKeyVal = resourceKeyVal.substring(1); + if (policyItem != null && dataMaskPolicyItem == null && rowFilterPolicyItem == null) { + roles = policyItem.getRoles(); + groups = policyItem.getGroups(); + users = policyItem.getUsers(); + accesses = policyItem.getAccesses(); + delegateAdmin = policyItem.getDelegateAdmin(); + conditionsList = policyItem.getConditions(); + } else if (dataMaskPolicyItem != null && policyItem == null && rowFilterPolicyItem == null) { + roles = dataMaskPolicyItem.getRoles(); + groups = dataMaskPolicyItem.getGroups(); + users = dataMaskPolicyItem.getUsers(); + accesses = dataMaskPolicyItem.getAccesses(); + delegateAdmin = dataMaskPolicyItem.getDelegateAdmin(); + conditionsList = dataMaskPolicyItem.getConditions(); + dataMaskInfo = dataMaskPolicyItem.getDataMaskInfo(); + String 
dataMaskType = dataMaskInfo.getDataMaskType(); + String conditionExpr = dataMaskInfo.getConditionExpr(); + String valueExpr = dataMaskInfo.getValueExpr(); + maskingInfo = "dataMasktype=[" + dataMaskType + "]"; + if (conditionExpr != null && !conditionExpr.isEmpty() && valueExpr != null && !valueExpr.isEmpty()) { + maskingInfo = maskingInfo + "; conditionExpr=[" + conditionExpr + "]"; + } + } else if (rowFilterPolicyItem != null && policyItem == null && dataMaskPolicyItem == null) { + roles = rowFilterPolicyItem.getRoles(); + groups = rowFilterPolicyItem.getGroups(); + users = rowFilterPolicyItem.getUsers(); + accesses = rowFilterPolicyItem.getAccesses(); + delegateAdmin = rowFilterPolicyItem.getDelegateAdmin(); + conditionsList = rowFilterPolicyItem.getConditions(); + filterInfo = rowFilterPolicyItem.getRowFilterInfo(); + filterExpr = filterInfo.getFilterExpr(); + } + if (CollectionUtils.isNotEmpty(accesses)) { + for (RangerPolicyItemAccess access : accesses) { + if (access != null) { + accessType = accessType + access.getType().replace("#", "").replace("|", "") + "#"; } - if (policyLabelName.length() > 0) { - policyLabelName = policyLabelName.substring(0, policyLabelName.lastIndexOf("#")); + } + if (accessType.length() > 0) { + accessType = accessType.substring(0, accessType.lastIndexOf("#")); + } + } + if (CollectionUtils.isNotEmpty(roles)) { + for (String role : roles) { + if (StringUtils.isNotBlank(role)) { + role = role.replace("|", ""); + role = role.replace("#", ""); + roleNames = roleNames + role + "#"; } } + if (roleNames.length() > 0) { + roleNames = roleNames.substring(0, roleNames.lastIndexOf("#")); + } + } + if (CollectionUtils.isNotEmpty(groups)) { + for (String group : groups) { + if (StringUtils.isNotBlank(group)) { + group = group.replace("|", ""); + group = group.replace("#", ""); + groupNames = groupNames + group + "#"; + } + } + if (groupNames.length() > 0) { + groupNames = groupNames.substring(0, groupNames.lastIndexOf("#")); + } + } + if 
(CollectionUtils.isNotEmpty(users)) { + for (String user : users) { + if (StringUtils.isNotBlank(user)) { + user = user.replace("|", ""); + user = user.replace("#", ""); + userNames = userNames + user + "#"; + } + } + if (userNames.length() > 0) { + userNames = userNames.substring(0, userNames.lastIndexOf("#")); + } + } + String conditionValue = ""; + for (RangerPolicyItemCondition conditions : conditionsList) { + String conditionType = conditions.getType(); + List conditionList = conditions.getValues(); + conditionValue = conditionList.toString(); + conditionKeyValue = conditionType + "=" + conditionValue; + } - csvBuffer.append(policy.getId()); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(policyName); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(resourceKeyVal); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(roleNames); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(groupNames); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(userNames); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(accessType.trim()); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(ServiceType); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(policyStatus); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(policyType); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(delegateAdmin.toString().toUpperCase()); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(isRecursiveValue); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(isExcludesValue); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(serviceName); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(description); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(isAuditEnabled.toString().toUpperCase()); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(conditionKeyValue.trim()); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(policyConditionTypeValue); - csvBuffer.append(COMMA_DELIMITER); - 
csvBuffer.append(maskingInfo); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(filterExpr); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(policyLabelName); - csvBuffer.append(COMMA_DELIMITER); - csvBuffer.append(LINE_SEPARATOR); - } + ServiceType = policy.getServiceType(); + if (StringUtils.isBlank(ServiceType)) { + ServiceType = svcNameToSvcType.get(policy.getService()); + if (ServiceType == null) { + ServiceType = ""; + } + } + } + if (policyConditionType != null) { + policyConditionTypeValue = policyConditionType; + } + if (policyConditionType == null && ServiceType.equalsIgnoreCase("tag")) { + policyConditionTypeValue = POLICY_ALLOW_INCLUDE; + } else if (policyConditionType == null) { + policyConditionTypeValue = ""; + } + if (policy.getIsEnabled()) { + policyStatus = "Enabled"; + } else { + policyStatus = "Disabled"; + } + int policyTypeInt = policy.getPolicyType(); + switch (policyTypeInt) { + case RangerPolicy.POLICY_TYPE_ACCESS: + policyType = POLICY_TYPE_ACCESS; + break; + case RangerPolicy.POLICY_TYPE_DATAMASK: + policyType = POLICY_TYPE_DATAMASK; + break; + case RangerPolicy.POLICY_TYPE_ROWFILTER: + policyType = POLICY_TYPE_ROWFILTER; + break; + } + if (CollectionUtils.isNotEmpty(policyLabels)) { + for (String policyLabel : policyLabels) { + if (StringUtils.isNotBlank(policyLabel)) { + policyLabel = policyLabel.replace("|", ""); + policyLabel = policyLabel.replace("#", ""); + policyLabelName = policyLabelName + policyLabel + "#"; + } + } + if (policyLabelName.length() > 0) { + policyLabelName = policyLabelName.substring(0, policyLabelName.lastIndexOf("#")); + } + } + + csvBuffer.append(policy.getId()); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(policyName); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(resourceKeyVal); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(roleNames); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(groupNames); + csvBuffer.append(COMMA_DELIMITER); + 
csvBuffer.append(userNames); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(accessType.trim()); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(ServiceType); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(policyStatus); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(policyType); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(delegateAdmin.toString().toUpperCase()); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(isRecursiveValue); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(isExcludesValue); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(serviceName); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(description); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(isAuditEnabled.toString().toUpperCase()); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(conditionKeyValue.trim()); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(policyConditionTypeValue); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(maskingInfo); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(filterExpr); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(policyLabelName); + csvBuffer.append(COMMA_DELIMITER); + csvBuffer.append(LINE_SEPARATOR); + } public Map getMetaDataInfo() { Map metaDataInfo = new LinkedHashMap(); 
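Review bot: In writeCSVForPolicyItems, `description`, `resourceKeyVal`, `conditionKeyValue`, `maskingInfo` and `filterExpr` are appended to `csvBuffer` unmodified, while the policy name, roles, groups, users, access types and labels have `|` removed first. A `|` or line break in a description or row-filter expression therefore shifts columns or starts a new record in the export, and a field beginning with `=`, `+`, `-` or `@` may be evaluated as a formula when the file is opened in a spreadsheet. Since the commit re-adds the whole method, I would pass every free-text column through one small helper, as sketched below. Note that the helper writes an empty field where `append` currently prints `null`, and that an expression which legitimately contains `|` would need escaping rather than stripping.

```java
// new private helper next to writeCSVForPolicyItems
private static String csvField(String value) {
    if (value == null) {
        return "";
    }
    // keep the record on one line and inside its column
    String ret = value.replace("|", "").replace("\r", " ").replace("\n", " ");
    if (!ret.isEmpty() && "=+-@".indexOf(ret.charAt(0)) >= 0) {
        ret = "'" + ret; // stop spreadsheets from evaluating the cell as a formula
    }
    return ret;
}

// … unchanged: field collection in writeCSVForPolicyItems …
csvBuffer.append(csvField(resourceKeyVal));
// … unchanged: columns in between …
csvBuffer.append(csvField(description));
// … unchanged: columns in between …
csvBuffer.append(csvField(conditionKeyValue.trim()));
// … unchanged: policyConditionTypeValue column …
csvBuffer.append(csvField(maskingInfo));
csvBuffer.append(COMMA_DELIMITER);
csvBuffer.append(csvField(filterExpr));
```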
@@ -4668,67 +4617,65 @@ public Map createPolicyMap(Map zoneMapping return policiesMap; } - private void writeBookForPolicyItems(RangerPolicy policy, RangerPolicyItem policyItem, - RangerDataMaskPolicyItem dataMaskPolicyItem, RangerRowFilterPolicyItem rowFilterPolicyItem, Row row, String policyConditionType) { + private void writeBookForPolicyItems(Map svcNameToSvcType, RangerPolicy policy, RangerPolicyItem policyItem, RangerDataMaskPolicyItem dataMaskPolicyItem, RangerRowFilterPolicyItem rowFilterPolicyItem, Row row, String policyConditionType) { if (LOG.isDebugEnabled()) { - // To avoid PMD violation - LOG.debug("policyConditionType:[" + policyConditionType + "]"); + LOG.debug("policyConditionType:[" + policyConditionType + "]"); } List groups = new ArrayList(); List users = new ArrayList(); List roles = new ArrayList(); String roleNames = ""; String groupNames = ""; - String policyConditionTypeValue = ""; + String policyConditionTypeValue = ""; String userNames = ""; - String policyLabelNames = ""; + String policyLabelNames = ""; String accessType = ""; String policyStatus = ""; - String policyType = ""; - Boolean delegateAdmin = false; - String isRecursive = ""; - String isExcludes = ""; - String serviceName = ""; - - String description = ""; - Boolean isAuditEnabled = true; - isAuditEnabled = policy.getIsAuditEnabled(); - String isExcludesValue = ""; + String policyType = ""; + Boolean delegateAdmin = false; + String isRecursive = ""; + String isExcludes = ""; + String serviceName = ""; + + String description = ""; + Boolean isAuditEnabled = true; + isAuditEnabled = policy.getIsAuditEnabled(); + String isExcludesValue = ""; Cell cell = row.createCell(0); cell.setCellValue(policy.getId()); List accesses = new ArrayList(); - List conditionsList = new ArrayList(); - String conditionKeyValue = ""; - List policyLabels = new ArrayList(); + List conditionsList = new ArrayList(); + String conditionKeyValue = ""; + List policyLabels = new ArrayList(); String resValue = 
""; String resourceKeyVal = ""; - String isRecursiveValue = ""; + String isRecursiveValue = ""; String resKey = ""; StringBuffer sb = new StringBuffer(); - StringBuffer sbIsRecursive = new StringBuffer(); - StringBuffer sbIsExcludes = new StringBuffer(); + StringBuffer sbIsRecursive = new StringBuffer(); + StringBuffer sbIsExcludes = new StringBuffer(); Map resources = policy.getResources(); - RangerPolicy.RangerPolicyItemDataMaskInfo dataMaskInfo = new RangerPolicy.RangerPolicyItemDataMaskInfo(); - RangerPolicy.RangerPolicyItemRowFilterInfo filterInfo = new RangerPolicy.RangerPolicyItemRowFilterInfo(); - cell = row.createCell(1); - cell.setCellValue(policy.getName()); - cell = row.createCell(2); + RangerPolicy.RangerPolicyItemDataMaskInfo dataMaskInfo = new RangerPolicy.RangerPolicyItemDataMaskInfo(); + RangerPolicy.RangerPolicyItemRowFilterInfo filterInfo = new RangerPolicy.RangerPolicyItemRowFilterInfo(); + cell = row.createCell(1); + cell.setCellValue(policy.getName()); + cell = row.createCell(2); if (resources != null) { for (Entry resource : resources.entrySet()) { resKey = resource.getKey(); RangerPolicyResource policyResource = resource.getValue(); List resvalueList = policyResource.getValues(); - isExcludes = policyResource.getIsExcludes().toString(); - isRecursive = policyResource.getIsRecursive().toString(); + isExcludes = policyResource.getIsExcludes().toString(); + isRecursive = policyResource.getIsRecursive().toString(); resValue = resvalueList.toString(); - sb = sb.append(resourceKeyVal).append("; ").append(resKey).append("=").append(resValue); - sbIsExcludes = sbIsExcludes.append(resourceKeyVal).append("; ").append(resKey).append("=[").append(isExcludes).append("]"); - sbIsRecursive = sbIsRecursive.append(resourceKeyVal).append("; ").append(resKey).append("=[").append(isRecursive).append("]"); - } - isExcludesValue = sbIsExcludes.toString(); - isExcludesValue = isExcludesValue.substring(1); - isRecursiveValue = sbIsRecursive.toString(); - 
isRecursiveValue = isRecursiveValue.substring(1); + sb = sb.append(resourceKeyVal).append("; ").append(resKey).append("=").append(resValue); + sbIsExcludes = sbIsExcludes.append(resourceKeyVal).append("; ").append(resKey).append("=[").append(isExcludes).append("]"); + sbIsRecursive = sbIsRecursive.append(resourceKeyVal).append("; ").append(resKey).append("=[").append(isRecursive).append("]"); + } + isExcludesValue = sbIsExcludes.toString(); + isExcludesValue = isExcludesValue.substring(1); + isRecursiveValue = sbIsRecursive.toString(); + isRecursiveValue = isRecursiveValue.substring(1); resourceKeyVal = sb.toString(); resourceKeyVal = resourceKeyVal.substring(1); cell.setCellValue(resourceKeyVal); 
@@ -4737,36 +4684,36 @@ private void writeBookForPolicyItems(RangerPolicy policy, RangerPolicyItem polic groups = policyItem.getGroups(); users = policyItem.getUsers(); accesses = policyItem.getAccesses(); - delegateAdmin = policyItem.getDelegateAdmin(); - conditionsList = policyItem.getConditions(); + delegateAdmin = policyItem.getDelegateAdmin(); + conditionsList = policyItem.getConditions(); } else if (dataMaskPolicyItem != null && policyItem == null && rowFilterPolicyItem == null) { roles = dataMaskPolicyItem.getRoles(); groups = dataMaskPolicyItem.getGroups(); users = dataMaskPolicyItem.getUsers(); accesses = dataMaskPolicyItem.getAccesses(); - delegateAdmin = dataMaskPolicyItem.getDelegateAdmin(); - conditionsList = dataMaskPolicyItem.getConditions(); - dataMaskInfo = dataMaskPolicyItem.getDataMaskInfo(); - String dataMaskType = dataMaskInfo.getDataMaskType(); - String conditionExpr = dataMaskInfo.getConditionExpr(); - String valueExpr = dataMaskInfo.getValueExpr(); - String maskingInfo = "dataMasktype=[" + dataMaskType + "]"; - if (conditionExpr != null && !conditionExpr.isEmpty() && valueExpr != null && !valueExpr.isEmpty()) { - maskingInfo = maskingInfo + "; conditionExpr=[" + conditionExpr + "]"; - } - cell = row.createCell(18); - cell.setCellValue(maskingInfo); + delegateAdmin = dataMaskPolicyItem.getDelegateAdmin(); + conditionsList = dataMaskPolicyItem.getConditions(); + dataMaskInfo = dataMaskPolicyItem.getDataMaskInfo(); + String dataMaskType = dataMaskInfo.getDataMaskType(); + String conditionExpr = dataMaskInfo.getConditionExpr(); + String valueExpr = dataMaskInfo.getValueExpr(); + String maskingInfo = "dataMasktype=[" + dataMaskType + "]"; + if (conditionExpr != null && !conditionExpr.isEmpty() && valueExpr != null && !valueExpr.isEmpty()) { + maskingInfo = maskingInfo + "; conditionExpr=[" + conditionExpr + "]"; + } + cell = row.createCell(18); + cell.setCellValue(maskingInfo); } else if (rowFilterPolicyItem != null && policyItem == null && 
dataMaskPolicyItem == null) { roles = rowFilterPolicyItem.getRoles(); groups = rowFilterPolicyItem.getGroups(); users = rowFilterPolicyItem.getUsers(); accesses = rowFilterPolicyItem.getAccesses(); - delegateAdmin = rowFilterPolicyItem.getDelegateAdmin(); - conditionsList = rowFilterPolicyItem.getConditions(); - filterInfo = rowFilterPolicyItem.getRowFilterInfo(); - String filterExpr = filterInfo.getFilterExpr(); - cell = row.createCell(19); - cell.setCellValue(filterExpr); + delegateAdmin = rowFilterPolicyItem.getDelegateAdmin(); + conditionsList = rowFilterPolicyItem.getConditions(); + filterInfo = rowFilterPolicyItem.getRowFilterInfo(); + String filterExpr = filterInfo.getFilterExpr(); + cell = row.createCell(19); + cell.setCellValue(filterExpr); } if (CollectionUtils.isNotEmpty(accesses)) { for (RangerPolicyItemAccess access : accesses) { 
@@ -4778,31 +4725,31 @@ private void writeBookForPolicyItems(RangerPolicy policy, RangerPolicyItem polic if (CollectionUtils.isNotEmpty(roles)) { roleNames = roleNames + roles.toString(); StringTokenizer roleToken = new StringTokenizer(roleNames, "[]"); - while(roleToken.hasMoreTokens()) { + while (roleToken.hasMoreTokens()) { roleNames = roleToken.nextToken().toString(); } } if (CollectionUtils.isNotEmpty(groups)) { groupNames = groupNames + groups.toString(); StringTokenizer groupToken = new StringTokenizer(groupNames, "[]"); - while(groupToken.hasMoreTokens()) { + while (groupToken.hasMoreTokens()) { groupNames = groupToken.nextToken().toString(); } } if (CollectionUtils.isNotEmpty(users)) { userNames = userNames + users.toString(); StringTokenizer userToken = new StringTokenizer(userNames, "[]"); - while(userToken.hasMoreTokens()) { + while (userToken.hasMoreTokens()) { userNames = userToken.nextToken().toString(); } } - String conditionValue = ""; - for(RangerPolicyItemCondition conditions : conditionsList ){ - String conditionType = conditions.getType(); - List conditionList = conditions.getValues(); - conditionValue = conditionList.toString(); - conditionKeyValue = conditionType + "=" + conditionValue; - } + String conditionValue = ""; + for (RangerPolicyItemCondition conditions : conditionsList) { + String conditionType = conditions.getType(); + List conditionList = conditions.getValues(); + conditionValue = conditionList.toString(); + conditionKeyValue = conditionType + "=" + conditionValue; + } cell = row.createCell(3); cell.setCellValue(roleNames); cell = row.createCell(4); 
@@ -4812,23 +4759,23 @@ private void writeBookForPolicyItems(RangerPolicy policy, RangerPolicyItem polic cell = row.createCell(6); cell.setCellValue(accessType.trim()); cell = row.createCell(7); - XXService xxservice = daoMgr.getXXService().findByName(policy.getService()); - String ServiceType = ""; - if (xxservice != null) { - Long ServiceId = xxservice.getType(); - XXServiceDef xxservDef = daoMgr.getXXServiceDef().getById(ServiceId); - if (xxservDef != null) { - ServiceType = xxservDef.getName(); + + String ServiceType = policy.getServiceType(); + if (StringUtils.isBlank(ServiceType)) { + ServiceType = svcNameToSvcType.get(policy.getService()); + if (ServiceType == null) { + ServiceType = ""; } } - if(policyConditionType != null) { - policyConditionTypeValue = policyConditionType; - } - if (policyConditionType == null && ServiceType.equalsIgnoreCase("tag")) { - policyConditionTypeValue = POLICY_ALLOW_INCLUDE; - }else if (policyConditionType == null) { - policyConditionTypeValue = ""; - } + + if (policyConditionType != null) { + policyConditionTypeValue = policyConditionType; + } + if (policyConditionType == null && ServiceType.equalsIgnoreCase("tag")) { + policyConditionTypeValue = POLICY_ALLOW_INCLUDE; + } else if (policyConditionType == null) { + policyConditionTypeValue = ""; + } cell.setCellValue(ServiceType); cell = row.createCell(8); 
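Review bot: In this hunk `ServiceType` falls back to `svcNameToSvcType.get(policy.getService())` and then to `""`, so the value written to cell 7 and the `ServiceType.equalsIgnoreCase("tag")` branch silently depend on the caller having filled the map for this service before the call. `writeExcel` already resolves the type per policy before it calls this method (visible earlier in the patch), so passing that resolved string instead of the map would remove the hidden ordering requirement. If the map parameter stays, a comment such as `// svcNameToSvcType must already contain policy.getService(); writeExcel fills it` would document the contract. The method starts and ends outside this hunk.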
@@ -4839,53 +4786,54 @@ private void writeBookForPolicyItems(RangerPolicy policy, RangerPolicyItem polic } else { policyStatus = "Disabled"; } - policyLabels = policy.getPolicyLabels(); - if (CollectionUtils.isNotEmpty(policyLabels)) { - policyLabelNames = policyLabelNames + policyLabels.toString(); - StringTokenizer policyLabelToken = new StringTokenizer(policyLabelNames, "[]"); - while(policyLabelToken.hasMoreTokens()) { - policyLabelNames = policyLabelToken.nextToken().toString(); - } - } + policyLabels = policy.getPolicyLabels(); + if (CollectionUtils.isNotEmpty(policyLabels)) { + policyLabelNames = policyLabelNames + policyLabels.toString(); + StringTokenizer policyLabelToken = new StringTokenizer(policyLabelNames, "[]"); + while (policyLabelToken.hasMoreTokens()) { + policyLabelNames = policyLabelToken.nextToken().toString(); + } + } cell.setCellValue(policyStatus); - cell = row.createCell(9); - int policyTypeInt = policy.getPolicyType(); - switch (policyTypeInt) { - case RangerPolicy.POLICY_TYPE_ACCESS: - policyType = POLICY_TYPE_ACCESS; - break; - - case RangerPolicy.POLICY_TYPE_DATAMASK: - policyType = POLICY_TYPE_DATAMASK; - break; - - case RangerPolicy.POLICY_TYPE_ROWFILTER: - policyType = POLICY_TYPE_ROWFILTER; - break; - } - cell.setCellValue(policyType); - cell = row.createCell(10); - cell.setCellValue(delegateAdmin.toString().toUpperCase()); - cell = row.createCell(11); - cell.setCellValue(isRecursiveValue); - cell = row.createCell(12); - cell.setCellValue(isExcludesValue); - cell = row.createCell(13); - serviceName = policy.getService(); - cell.setCellValue(serviceName); - cell = row.createCell(14); - description = policy.getDescription(); - cell.setCellValue(description); - cell = row.createCell(15); - cell.setCellValue(isAuditEnabled.toString().toUpperCase()); - cell = row.createCell(16); - cell.setCellValue(conditionKeyValue.trim()); - cell = row.createCell(17); - cell.setCellValue(policyConditionTypeValue); - cell = row.createCell(20); - 
cell.setCellValue(policyLabelNames); + cell = row.createCell(9); + int policyTypeInt = policy.getPolicyType(); + switch (policyTypeInt) { + case RangerPolicy.POLICY_TYPE_ACCESS: + policyType = POLICY_TYPE_ACCESS; + break; + + case RangerPolicy.POLICY_TYPE_DATAMASK: + policyType = POLICY_TYPE_DATAMASK; + break; + + case RangerPolicy.POLICY_TYPE_ROWFILTER: + policyType = POLICY_TYPE_ROWFILTER; + break; + } + cell.setCellValue(policyType); + cell = row.createCell(10); + cell.setCellValue(delegateAdmin.toString().toUpperCase()); + cell = row.createCell(11); + cell.setCellValue(isRecursiveValue); + cell = row.createCell(12); + cell.setCellValue(isExcludesValue); + cell = row.createCell(13); + serviceName = policy.getService(); + cell.setCellValue(serviceName); + cell = row.createCell(14); + description = policy.getDescription(); + cell.setCellValue(description); + cell = row.createCell(15); + cell.setCellValue(isAuditEnabled.toString().toUpperCase()); + cell = row.createCell(16); + cell.setCellValue(conditionKeyValue.trim()); + cell = row.createCell(17); + cell.setCellValue(policyConditionTypeValue); + cell = row.createCell(20); + cell.setCellValue(policyLabelNames); + + } - } private void createHeaderRow(Sheet sheet) { CellStyle cellStyle = sheet.getWorkbook().createCellStyle(); Font font = sheet.getWorkbook().createFont(); 
@@ -4931,54 +4879,54 @@ private void createHeaderRow(Sheet sheet) { cellStatus.setCellStyle(cellStyle); cellStatus.setCellValue("Status"); - Cell cellPolicyType = row.createCell(9); - cellPolicyType.setCellStyle(cellStyle); - cellPolicyType.setCellValue("Policy Type"); + Cell cellPolicyType = row.createCell(9); + cellPolicyType.setCellStyle(cellStyle); + cellPolicyType.setCellValue("Policy Type"); - Cell cellDelegateAdmin = row.createCell(10); - cellDelegateAdmin.setCellStyle(cellStyle); - cellDelegateAdmin.setCellValue("Delegate Admin"); + Cell cellDelegateAdmin = row.createCell(10); + cellDelegateAdmin.setCellStyle(cellStyle); + cellDelegateAdmin.setCellValue("Delegate Admin"); - Cell cellIsRecursive = row.createCell(11); - cellIsRecursive.setCellStyle(cellStyle); - cellIsRecursive.setCellValue("isRecursive"); + Cell cellIsRecursive = row.createCell(11); + cellIsRecursive.setCellStyle(cellStyle); + cellIsRecursive.setCellValue("isRecursive"); - Cell cellIsExcludes = row.createCell(12); - cellIsExcludes.setCellStyle(cellStyle); - cellIsExcludes.setCellValue("isExcludes"); + Cell cellIsExcludes = row.createCell(12); + cellIsExcludes.setCellStyle(cellStyle); + cellIsExcludes.setCellValue("isExcludes"); - Cell cellServiceName = row.createCell(13); - cellServiceName.setCellStyle(cellStyle); - cellServiceName.setCellValue("Service Name"); + Cell cellServiceName = row.createCell(13); + cellServiceName.setCellStyle(cellStyle); + cellServiceName.setCellValue("Service Name"); - Cell cellDescription = row.createCell(14); - cellDescription.setCellStyle(cellStyle); - cellDescription.setCellValue("Description"); + Cell cellDescription = row.createCell(14); + cellDescription.setCellStyle(cellStyle); + cellDescription.setCellValue("Description"); - Cell cellisAuditEnabled = row.createCell(15); - cellisAuditEnabled.setCellStyle(cellStyle); - cellisAuditEnabled.setCellValue("isAuditEnabled"); + Cell cellisAuditEnabled = row.createCell(15); + 
cellisAuditEnabled.setCellStyle(cellStyle); + cellisAuditEnabled.setCellValue("isAuditEnabled"); - Cell cellPolicyConditions = row.createCell(16); - cellPolicyConditions.setCellStyle(cellStyle); - cellPolicyConditions.setCellValue("Policy Conditions"); + Cell cellPolicyConditions = row.createCell(16); + cellPolicyConditions.setCellStyle(cellStyle); + cellPolicyConditions.setCellValue("Policy Conditions"); - Cell cellPolicyConditionType = row.createCell(17); - cellPolicyConditionType.setCellStyle(cellStyle); - cellPolicyConditionType.setCellValue("Policy Condition Type"); + Cell cellPolicyConditionType = row.createCell(17); + cellPolicyConditionType.setCellStyle(cellStyle); + cellPolicyConditionType.setCellValue("Policy Condition Type"); - Cell cellMaskingOptions = row.createCell(18); - cellMaskingOptions.setCellStyle(cellStyle); - cellMaskingOptions.setCellValue("Masking Options"); + Cell cellMaskingOptions = row.createCell(18); + cellMaskingOptions.setCellStyle(cellStyle); + cellMaskingOptions.setCellValue("Masking Options"); - Cell cellRowFilterExpr = row.createCell(19); - cellRowFilterExpr.setCellStyle(cellStyle); - cellRowFilterExpr.setCellValue("Row Filter Expr"); + Cell cellRowFilterExpr = row.createCell(19); + cellRowFilterExpr.setCellStyle(cellStyle); + cellRowFilterExpr.setCellValue("Row Filter Expr"); - Cell cellPolicyLabelName = row.createCell(20); - cellPolicyLabelName.setCellStyle(cellStyle); - cellPolicyLabelName.setCellValue("Policy Labels Name"); - } + Cell cellPolicyLabelName = row.createCell(20); + cellPolicyLabelName.setCellStyle(cellStyle); + cellPolicyLabelName.setCellValue("Policy Labels Name"); + } private RangerPolicyList searchRangerPolicies(SearchFilter searchFilter) { List policyList = new ArrayList(); diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 86959423c7..5aee2a2c07 100644 
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -2101,11 +2101,12 @@ public void getPoliciesInExcel(@Context HttpServletRequest request, policyLists = getAllFilteredPolicyList(filter, request, policyLists); if (CollectionUtils.isNotEmpty(policyLists)){ - for (RangerPolicy rangerPolicy : policyLists) { - if (rangerPolicy != null) { - ensureAdminAndAuditAccess(rangerPolicy); - } - } + Map mapServiceTypeAndImplClass = new HashMap(); + for (RangerPolicy rangerPolicy : policyLists) { + if (rangerPolicy != null) { + ensureAdminAndAuditAccess(rangerPolicy, mapServiceTypeAndImplClass); + } + } svcStore.getPoliciesInExcel(policyLists, response); }else{ response.setStatus(HttpServletResponse.SC_NO_CONTENT); @@ -2153,12 +2154,12 @@ public void getPoliciesInCsv(@Context HttpServletRequest request, @Context HttpS policyLists = getAllFilteredPolicyList(filter, request, policyLists); if (CollectionUtils.isNotEmpty(policyLists)){ - for (RangerPolicy rangerPolicy : policyLists) { - if (rangerPolicy != null) { - ensureAdminAndAuditAccess(rangerPolicy); - } - } - + Map mapServiceTypeAndImplClass = new HashMap (); + for (RangerPolicy rangerPolicy : policyLists) { + if (rangerPolicy != null) { + ensureAdminAndAuditAccess(rangerPolicy, mapServiceTypeAndImplClass); + } + } svcStore.getPoliciesInCSV(policyLists, response); }else{ response.setStatus(HttpServletResponse.SC_NO_CONTENT); @@ -2212,9 +2213,10 @@ public void getPoliciesInJson(@Context HttpServletRequest request, policyLists = getAllFilteredPolicyList(filter, request, policyLists); if (CollectionUtils.isNotEmpty(policyLists)) { + Map mapServiceTypeAndImplClass = new HashMap (); for (RangerPolicy rangerPolicy : policyLists) { if (rangerPolicy != null) { - ensureAdminAndAuditAccess(rangerPolicy); + ensureAdminAndAuditAccess(rangerPolicy, mapServiceTypeAndImplClass); } } bizUtil.blockAuditorRoleUser(); 
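Review bot: The same authorization loop (create the map, iterate `policyLists`, call `ensureAdminAndAuditAccess(rangerPolicy, mapServiceTypeAndImplClass)` for each non-null entry) is now written out three times, in `getPoliciesInExcel`, `getPoliciesInCsv` and `getPoliciesInJson`. Moving it into one private helper that takes the list would keep the three export endpoints from drifting apart in how they gate access, and would remove the inconsistent `new HashMap()` / `new HashMap ()` spellings. The enclosing methods start and end outside these hunks.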
@@ -4195,6 +4197,10 @@ private RangerService hideCriticalServiceDetailsForRoleUser(RangerService ranger } void ensureAdminAndAuditAccess(RangerPolicy policy) { + ensureAdminAndAuditAccess (policy, new HashMap()); + } + + void ensureAdminAndAuditAccess(RangerPolicy policy, Map mapServiceTypeAndImplClass) { boolean isAdmin = bizUtil.isAdmin(); boolean isKeyAdmin = bizUtil.isKeyAdmin(); String userName = bizUtil.getCurrentUserLoginId(); 
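Review bot: The new two-argument `ensureAdminAndAuditAccess` has no comment saying that `mapServiceTypeAndImplClass` is a caller-owned cache which the method fills, or that the method may call `policy.setServiceType(...)` on the policy it is checking (that happens in the following hunk). A short Javadoc would make both side effects visible to callers, for example `/** Checks admin/audit access for one policy; the map caches service-def impl class names across calls and is updated here, and a blank service type on the policy is filled in. */`. The method body continues outside this hunk.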
@@ -4221,18 +4227,25 @@ void ensureAdminAndAuditAccess(RangerPolicy policy) { + userName + "' does not have delegated-admin privilege on given resources", true); } } else { - - XXService xService = daoManager.getXXService().findByName(policy.getService()); - XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType()); - + if (StringUtils.isBlank(policy.getServiceType())) { + XXService xService = daoManager.getXXService().findByName(policy.getService()); + XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType()); + mapServiceTypeAndImplClass.put(xServiceDef.getName(), xServiceDef.getImplclassname()); + policy.setServiceType(xServiceDef.getName()); + } else if (!mapServiceTypeAndImplClass.containsKey(policy.getServiceType())) { + XXService xService = daoManager.getXXService().findByName(policy.getService()); + XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType()); + mapServiceTypeAndImplClass.put(xServiceDef.getName(), xServiceDef.getImplclassname()); + } + String serviceDefImplClass = mapServiceTypeAndImplClass.get(policy.getServiceType()); if (isAdmin || isAuditAdmin) { - if (EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(xServiceDef.getImplclassname())) { + if (EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(serviceDefImplClass)) { throw restErrorUtil.createRESTException( "KMS Policies/Services/Service-Defs are not accessible for user '" + userName + "'.", MessageEnums.OPER_NO_PERMISSION); } } else if (isKeyAdmin || isAuditKeyAdmin) { - if (!EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(xServiceDef.getImplclassname())) { + if (!EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(serviceDefImplClass)) { throw restErrorUtil.createRESTException("Only KMS Policies/Services/Service-Defs are accessible for user '" + userName + "'.", MessageEnums.OPER_NO_PERMISSION); }
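Review bot: The KMS gate in this `else` branch is now decided by `mapServiceTypeAndImplClass.get(policy.getServiceType())`, while entries are stored under `xServiceDef.getName()`; if a policy carries a non-blank service type that differs from the def resolved from its service, the lookup returns null, `KMS_IMPL_CLASS_NAME.equals(null)` is false, and the admin/audit-admin check passes instead of rejecting. On a cache hit the policy's own `serviceType` field is also trusted without consulting the service record, which matters if any caller of the one-argument overload passes a policy built from request data (callers are not visible here). Keying the cache by `policy.getService()` keeps the decision tied to the stored service definition and still avoids the repeated lookups. The unchecked `xService` dereference was already present and is left as it is, and the method starts and ends outside this hunk.
```java
} else {
    // Cache by service name so the KMS check always uses the def resolved from the service record.
    String svcName = policy.getService();
    if (!mapServiceTypeAndImplClass.containsKey(svcName)) {
        XXService xService = daoManager.getXXService().findByName(svcName);
        XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType());
        mapServiceTypeAndImplClass.put(svcName, xServiceDef.getImplclassname());
        if (StringUtils.isBlank(policy.getServiceType())) {
            policy.setServiceType(xServiceDef.getName());
        }
    }
    String serviceDefImplClass = mapServiceTypeAndImplClass.get(svcName);
    // … unchanged: isAdmin / isKeyAdmin checks against serviceDefImplClass …
```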