/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.atlas.authorize.simple;
import org.apache.atlas.authorize.AtlasActionTypes;
import org.apache.atlas.authorize.AtlasResourceTypes;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import scala.tools.jline_embedded.internal.Log;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
public class PolicyParser {
private static Logger LOG = LoggerFactory.getLogger(PolicyParser.class);
private static boolean isDebugEnabled = LOG.isDebugEnabled();
public static final int POLICYNAME = 0;
public static final int USER_INDEX = 1;
public static final int USERNAME = 0;
public static final int USER_AUTHORITIES = 1;
public static final int GROUP_INDEX = 2;
public static final int GROUPNAME = 0;
public static final int GROUP_AUTHORITIES = 1;
public static final int RESOURCE_INDEX = 3;
public static final int RESOURCE_TYPE = 0;
public static final int RESOURCE_NAME = 1;
private List<AtlasActionTypes> getListOfAutorities(String auth) {
if (isDebugEnabled) {
LOG.debug("==> PolicyParser getListOfAutorities");
}
List<AtlasActionTypes> authorities = new ArrayList<>();
for (int i = 0; i < auth.length(); i++) {
char access = auth.toLowerCase().charAt(i);
switch (access) {
case 'r':
authorities.add(AtlasActionTypes.READ);
break;
case 'w':
authorities.add(AtlasActionTypes.CREATE);
break;
case 'u':
authorities.add(AtlasActionTypes.UPDATE);
break;
case 'd':
authorities.add(AtlasActionTypes.DELETE);
break;
default:
if (LOG.isErrorEnabled()) {
LOG.error("Invalid action: '{}'", access);
}
break;
}
}
if (isDebugEnabled) {
LOG.debug("<== PolicyParser getListOfAutorities");
}
return authorities;
}
public List<PolicyDef> parsePolicies(List<String> policies) {
if (isDebugEnabled) {
LOG.debug("==> PolicyParser parsePolicies");
}
List<PolicyDef> policyDefs = new ArrayList<>();
for (String policy : policies) {
PolicyDef policyDef = parsePolicy(policy);
if (policyDef != null) {
policyDefs.add(policyDef);
}
}
if (isDebugEnabled) {
LOG.debug("<== PolicyParser parsePolicies");
LOG.debug(policyDefs.toString());
}
return policyDefs;
}
private PolicyDef parsePolicy(String data) {
if (isDebugEnabled) {
LOG.debug("==> PolicyParser parsePolicy");
}
PolicyDef def = null;
String[] props = data.split(";;");
if (props.length < RESOURCE_INDEX) {
LOG.warn("skipping invalid policy line: {}", data);
} else {
def = new PolicyDef();
def.setPolicyName(props[POLICYNAME]);
parseUsers(props[USER_INDEX], def);
parseGroups(props[GROUP_INDEX], def);
parseResources(props[RESOURCE_INDEX], def);
if (isDebugEnabled) {
LOG.debug("policy successfully parsed!!!");
LOG.debug("<== PolicyParser parsePolicy");
}
}
return def;
}
private boolean validateEntity(String entity) {
if (isDebugEnabled) {
LOG.debug("==> PolicyParser validateEntity");
}
boolean isValidEntity = Pattern.matches("(.+:.+)+", entity);
boolean isEmpty = entity.isEmpty();
if (!isValidEntity || isEmpty) {
if (isDebugEnabled) {
LOG.debug("group/user/resource not properly define in Policy");
LOG.debug("<== PolicyParser validateEntity");
}
return false;
} else {
if (isDebugEnabled) {
LOG.debug("<== PolicyParser validateEntity");
}
return true;
}
}
private void parseUsers(String usersDef, PolicyDef def) {
if (isDebugEnabled) {
LOG.debug("==> PolicyParser parseUsers");
}
String[] users = usersDef.split(",");
String[] userAndRole = null;
Map<String, List<AtlasActionTypes>> usersMap = new HashMap<>();
if (validateEntity(usersDef)) {
for (String user : users) {
if (!Pattern.matches("(.+:.+)+", user)) {
continue;
}
userAndRole = user.split(":");
if (def.getUsers() != null) {
usersMap = def.getUsers();
}
List<AtlasActionTypes> userAutorities = getListOfAutorities(userAndRole[USER_AUTHORITIES]);
usersMap.put(userAndRole[USERNAME], userAutorities);
def.setUsers(usersMap);
}
} else {
def.setUsers(usersMap);
}
if (isDebugEnabled) {
LOG.debug("<== PolicyParser parseUsers");
}
}
private void parseGroups(String groupsDef, PolicyDef def) {
if (isDebugEnabled) {
LOG.debug("==> PolicyParser parseGroups");
}
String[] groups = groupsDef.split("\\,");
String[] groupAndRole = null;
Map<String, List<AtlasActionTypes>> groupsMap = new HashMap<>();
if (validateEntity(groupsDef.trim())) {
for (String group : groups) {
if (!Pattern.matches("(.+:.+)+", group)) {
continue;
}
groupAndRole = group.split("[:]");
if (def.getGroups() != null) {
groupsMap = def.getGroups();
}
List<AtlasActionTypes> groupAutorities = getListOfAutorities(groupAndRole[GROUP_AUTHORITIES]);
groupsMap.put(groupAndRole[GROUPNAME], groupAutorities);
def.setGroups(groupsMap);
}
} else {
def.setGroups(groupsMap);
}
if (isDebugEnabled) {
LOG.debug("<== PolicyParser parseGroups");
}
}
private void parseResources(String resourceDef, PolicyDef def) {
if (isDebugEnabled) {
LOG.debug("==> PolicyParser parseResources");
}
String[] resources = resourceDef.split(",");
String[] resourceTypeAndName = null;
Map<AtlasResourceTypes, List<String>> resourcesMap = new HashMap<>();
if (validateEntity(resourceDef)) {
for (String resource : resources) {
if (!Pattern.matches("(.+:.+)+", resource)) {
continue;
}
resourceTypeAndName = resource.split("[:]");
if (def.getResources() != null) {
resourcesMap = def.getResources();
}
AtlasResourceTypes resourceType = null;
String type = resourceTypeAndName[RESOURCE_TYPE].toUpperCase();
if (type.equalsIgnoreCase("ENTITY")) {
resourceType = AtlasResourceTypes.ENTITY;
} else if (type.equalsIgnoreCase("OPERATION")) {
resourceType = AtlasResourceTypes.OPERATION;
} else if (type.equalsIgnoreCase("TYPE")) {
resourceType = AtlasResourceTypes.TYPE;
} else if (type.equalsIgnoreCase("TAXONOMY")) {
resourceType = AtlasResourceTypes.TAXONOMY;
} else if (type.equalsIgnoreCase("TERM")) {
resourceType = AtlasResourceTypes.TERM;
} else {
Log.warn(type + " is invalid resource please check PolicyStore file");
continue;
}
List<String> resourceList = resourcesMap.get(resourceType);
if (resourceList == null) {
resourceList = new ArrayList<>();
}
resourceList.add(resourceTypeAndName[RESOURCE_NAME]);
resourcesMap.put(resourceType, resourceList);
def.setResources(resourcesMap);
}
} else {
def.setResources(resourcesMap);
}
if (isDebugEnabled) {
LOG.debug("<== PolicyParser parseResources");
}
}
}