Repository: ranger Updated Branches: refs/heads/ranger-0.7 6134db8c8 -> 997d7c3d0
RANGER-1779 : last resource gets duplicated during update policy if policy is created through public api rest call Signed-off-by: Mehul Parikh <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/997d7c3d Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/997d7c3d Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/997d7c3d Branch: refs/heads/ranger-0.7 Commit: 997d7c3d0c87b842b77eead7ca32dd382fe24150 Parents: 6134db8 Author: Nikhil P <[email protected]> Authored: Wed Sep 27 15:27:26 2017 +0530 Committer: Mehul Parikh <[email protected]> Committed: Thu Sep 28 19:56:37 2017 +0530 ---------------------------------------------------------------------- .../org/apache/ranger/biz/ServiceDBStore.java | 24 +-- ...atchForNifiResourceUpdateExclude_J10008.java | 145 ------------------ ...atchForNifiResourceUpdateExclude_J10011.java | 149 +++++++++++++++++++ 3 files changed, 164 insertions(+), 154 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/997d7c3d/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index 63fdf4f..5f5f239 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -27,6 +27,7 @@ import java.util.Date; import java.util.HashMap; import java.util.HashSet; import java.util.LinkedHashMap; +import java.util.LinkedHashSet; import java.util.List; import java.util.Map; import java.util.Set; @@ -2925,15 +2926,20 @@ public class ServiceDBStore extends AbstractServiceStore { xPolRes = daoMgr.getXXPolicyResource().create(xPolRes); List<String> values = policyRes.getValues(); - if(CollectionUtils.isNotEmpty(values)){ - for(int i = 0; i < values.size(); i++) { - if(values.get(i)!=null){ - XXPolicyResourceMap xPolResMap = new XXPolicyResourceMap(); - xPolResMap = (XXPolicyResourceMap) rangerAuditFields.populateAuditFields(xPolResMap, xPolRes); - xPolResMap.setResourceId(xPolRes.getId()); - xPolResMap.setValue(values.get(i)); - xPolResMap.setOrder(i); - xPolResMap = daoMgr.getXXPolicyResourceMap().create(xPolResMap); + if (CollectionUtils.isNotEmpty(values)) { + Set<String> uniqueValues = new LinkedHashSet<String>(values); + int i = 0; + if (CollectionUtils.isNotEmpty(uniqueValues)) { + for (String uniqValue : uniqueValues) { + if (!StringUtils.isEmpty(uniqValue)) { + XXPolicyResourceMap xPolResMap = new XXPolicyResourceMap(); + xPolResMap = (XXPolicyResourceMap) rangerAuditFields.populateAuditFields(xPolResMap,xPolRes); + xPolResMap.setResourceId(xPolRes.getId()); + xPolResMap.setValue(uniqValue); + xPolResMap.setOrder(i); + xPolResMap = daoMgr.getXXPolicyResourceMap().create(xPolResMap); + i++; + } } } } http://git-wip-us.apache.org/repos/asf/ranger/blob/997d7c3d/security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10008.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10008.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10008.java deleted file mode 100644 index 634082c..0000000 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10008.java +++ /dev/null @@ -1,145 +0,0 @@ - -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ranger.patch; - -import java.util.List; -import org.apache.commons.collections.CollectionUtils; -import org.apache.log4j.Logger; -import org.apache.ranger.biz.ServiceDBStore; -import org.apache.ranger.common.JSONUtil; -import org.apache.ranger.common.RangerValidatorFactory; -import org.apache.ranger.common.StringUtil; -import org.apache.ranger.db.RangerDaoManager; -import org.apache.ranger.entity.XXPolicyResource; -import org.apache.ranger.entity.XXResourceDef; -import org.apache.ranger.plugin.model.RangerPolicy; -import org.apache.ranger.plugin.model.RangerServiceDef; -import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; -import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator; -import org.apache.ranger.plugin.model.validation.RangerValidator.Action; -import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; -import org.apache.ranger.service.RangerPolicyService; -import org.apache.ranger.util.CLIUtil; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; - -@Component -public class PatchForNifiResourceUpdateExclude_J10008 extends BaseLoader { - private static final Logger logger = Logger.getLogger(PatchForHiveServiceDefUpdate_J10006.class); - @Autowired - RangerDaoManager daoMgr; - - @Autowired - ServiceDBStore svcDBStore; - - @Autowired - JSONUtil jsonUtil; - - @Autowired - StringUtil stringUtil; - - @Autowired - RangerValidatorFactory validatorFactory; - - @Autowired - ServiceDBStore svcStore; - - @Autowired - RangerPolicyService policyService; - - public static void main(String[] args) { - logger.info("main()"); - try { - PatchForNifiResourceUpdateExclude_J10008 loader = (PatchForNifiResourceUpdateExclude_J10008) CLIUtil.getBean(PatchForNifiResourceUpdateExclude_J10008.class); - loader.init(); - while (loader.isMoreToProcess()) { - loader.load(); - } - logger.info("Load complete. Exiting!!!"); - System.exit(0); - } catch (Exception e) { - logger.error("Error loading", e); - System.exit(1); - } - } - - @Override - public void init() throws Exception { - // Do Nothing - } - - @Override - public void execLoad() { - logger.info("==> PatchForNifiResourceUpdateExclude.execLoad()"); - try { - updateNifiServiceDef(); - } catch (Exception e) { - logger.error("Error whille updateNifiServiceDef()data.", e); - } - logger.info("<== PatchForNifiResourceUpdateExclude.execLoad()"); - } - - @Override - public void printStats() { - logger.info("updateNifiServiceDef data "); - } - - private void updateNifiServiceDef(){ - RangerServiceDef ret = null; - RangerServiceDef dbNifiServiceDef = null; - try { - dbNifiServiceDef = svcDBStore.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_NIFI_NAME); - if (dbNifiServiceDef != null) { - List<RangerResourceDef> rRDefList = null; - rRDefList = dbNifiServiceDef.getResources(); - if (CollectionUtils.isNotEmpty(rRDefList)) { - for (RangerResourceDef rRDef : rRDefList) { - - if (rRDef.getExcludesSupported()) { - rRDef.setExcludesSupported(false); - } - - XXResourceDef sdf=daoMgr.getXXResourceDef().findByNameAndServiceDefId(rRDef.getName(), dbNifiServiceDef.getId()); - long ResourceDefId=sdf.getId(); - List<XXPolicyResource> RangerPolicyResourceList=daoMgr.getXXPolicyResource().findByResDefId(ResourceDefId); - if (CollectionUtils.isNotEmpty(RangerPolicyResourceList)){ - for(XXPolicyResource RangerPolicyResource : RangerPolicyResourceList){ - if(RangerPolicyResource.getIsexcludes()){ - RangerPolicy rPolicy=svcDBStore.getPolicy(RangerPolicyResource.getPolicyid()); - rPolicy.setIsEnabled(false); - svcStore.updatePolicy(rPolicy); - } - } - } - } - } - RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore); - validator.validate(dbNifiServiceDef, Action.UPDATE); - ret = svcStore.updateServiceDef(dbNifiServiceDef); - } - if (ret == null) { - logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_NIFI_NAME+ "service-def"); - System.exit(1); - } - } catch (Exception e) { - logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_NIFI_NAME + "service-def", e); - } - } - -} http://git-wip-us.apache.org/repos/asf/ranger/blob/997d7c3d/security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10011.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10011.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10011.java new file mode 100644 index 0000000..0025eb8 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10011.java @@ -0,0 +1,149 @@ + +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ranger.patch; + +import java.util.List; +import org.apache.commons.collections.CollectionUtils; +import org.apache.log4j.Logger; +import org.apache.ranger.biz.ServiceDBStore; +import org.apache.ranger.common.JSONUtil; +import org.apache.ranger.common.RangerValidatorFactory; +import org.apache.ranger.common.StringUtil; +import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.entity.XXPolicyResource; +import org.apache.ranger.entity.XXResourceDef; +import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; +import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator; +import org.apache.ranger.plugin.model.validation.RangerValidator.Action; +import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; +import org.apache.ranger.service.RangerPolicyService; +import org.apache.ranger.util.CLIUtil; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +/** + * Disables the Nifi plugin's exclude toggle in Ranger UI. + * After running this patch user wont be able to add exclude resource policies in NIFI. + * + */ +@Component +public class PatchForNifiResourceUpdateExclude_J10011 extends BaseLoader { + private static final Logger logger = Logger.getLogger(PatchForNifiResourceUpdateExclude_J10011.class); + @Autowired + RangerDaoManager daoMgr; + + @Autowired + ServiceDBStore svcDBStore; + + @Autowired + JSONUtil jsonUtil; + + @Autowired + StringUtil stringUtil; + + @Autowired + RangerValidatorFactory validatorFactory; + + @Autowired + ServiceDBStore svcStore; + + @Autowired + RangerPolicyService policyService; + + public static void main(String[] args) { + logger.info("main()"); + try { + PatchForNifiResourceUpdateExclude_J10011 loader = (PatchForNifiResourceUpdateExclude_J10011) CLIUtil.getBean(PatchForNifiResourceUpdateExclude_J10011.class); + loader.init(); + while (loader.isMoreToProcess()) { + loader.load(); + } + logger.info("Load complete. Exiting!!!"); + System.exit(0); + } catch (Exception e) { + logger.error("Error loading", e); + System.exit(1); + } + } + + @Override + public void init() throws Exception { + // Do Nothing + } + + @Override + public void execLoad() { + logger.info("==> PatchForNifiResourceUpdateExclude.execLoad()"); + try { + updateNifiServiceDef(); + } catch (Exception e) { + logger.error("Error whille updateNifiServiceDef()data.", e); + } + logger.info("<== PatchForNifiResourceUpdateExclude.execLoad()"); + } + + @Override + public void printStats() { + logger.info("updateNifiServiceDef data "); + } + + private void updateNifiServiceDef(){ + RangerServiceDef ret = null; + RangerServiceDef dbNifiServiceDef = null; + try { + dbNifiServiceDef = svcDBStore.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_NIFI_NAME); + if (dbNifiServiceDef != null) { + List<RangerResourceDef> rRDefList = null; + rRDefList = dbNifiServiceDef.getResources(); + if (CollectionUtils.isNotEmpty(rRDefList)) { + for (RangerResourceDef rRDef : rRDefList) { + + if (rRDef.getExcludesSupported()) { + rRDef.setExcludesSupported(false); + } + + XXResourceDef sdf=daoMgr.getXXResourceDef().findByNameAndServiceDefId(rRDef.getName(), dbNifiServiceDef.getId()); + long ResourceDefId=sdf.getId(); + List<XXPolicyResource> RangerPolicyResourceList=daoMgr.getXXPolicyResource().findByResDefId(ResourceDefId); + if (CollectionUtils.isNotEmpty(RangerPolicyResourceList)){ + for(XXPolicyResource RangerPolicyResource : RangerPolicyResourceList){ + if(RangerPolicyResource.getIsexcludes()){ + RangerPolicy rPolicy=svcDBStore.getPolicy(RangerPolicyResource.getPolicyid()); + rPolicy.setIsEnabled(false); + svcStore.updatePolicy(rPolicy); + } + } + } + } + } + RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore); + validator.validate(dbNifiServiceDef, Action.UPDATE); + ret = svcStore.updateServiceDef(dbNifiServiceDef); + } + if (ret == null) { + logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_NIFI_NAME+ "service-def"); + } + } catch (Exception e) { + logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_NIFI_NAME + "service-def", e); + } + } + +}
