http://git-wip-us.apache.org/repos/asf/ranger/blob/9e6b41e5/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 6c699ca..5dfe446 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -27,11 +27,10 @@ import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
-import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
-import java.util.Set;
 import java.util.Map.Entry;
+import java.util.Set;
 import java.util.StringTokenizer;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -51,6 +50,13 @@ import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.poi.hssf.usermodel.HSSFWorkbook;
+import org.apache.poi.ss.usermodel.Cell;
+import org.apache.poi.ss.usermodel.CellStyle;
+import org.apache.poi.ss.usermodel.Font;
+import org.apache.poi.ss.usermodel.Row;
+import org.apache.poi.ss.usermodel.Sheet;
+import org.apache.poi.ss.usermodel.Workbook;
 import org.apache.ranger.audit.provider.MiscUtil;
 import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
 import org.apache.ranger.common.AppConstants;
@@ -58,6 +64,7 @@ import org.apache.ranger.common.ContextUtil;
 import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.RangerCommonEnums;
 import org.apache.ranger.common.db.RangerTransactionSynchronizationAdapter;
+import org.apache.ranger.entity.*;
 import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
 import org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher;
 import org.apache.ranger.plugin.policyresourcematcher.RangerPolicyResourceMatcher;
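Review bot: `import org.apache.ranger.entity.*;` swaps the explicit entity imports (removed in the @@ -83 hunk) for a wildcard, which hides which entities this class depends on and lets a class added to that package later clash with another simple name in the file. Keep the explicit imports and add only the types the change introduces, presumably from this package, e.g. `import org.apache.ranger.entity.XXPolicyRefResource;`, plus `XXPolicyRefAccessType` and `XXPolicyRefCondition`.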
@@ -83,59 +90,19 @@ import org.apache.ranger.db.XXDataMaskTypeDefDao; import org.apache.ranger.db.XXEnumDefDao; import org.apache.ranger.db.XXEnumElementDefDao; import org.apache.ranger.db.XXPolicyConditionDefDao; -import org.apache.ranger.db.XXPolicyItemAccessDao; -import org.apache.ranger.db.XXPolicyItemConditionDao; -import org.apache.ranger.db.XXPolicyItemDao; -import org.apache.ranger.db.XXPolicyItemDataMaskInfoDao; -import org.apache.ranger.db.XXPolicyItemGroupPermDao; -import org.apache.ranger.db.XXPolicyItemRowFilterInfoDao; -import org.apache.ranger.db.XXPolicyItemUserPermDao; import org.apache.ranger.db.XXPolicyLabelMapDao; -import org.apache.ranger.db.XXPolicyResourceDao; -import org.apache.ranger.db.XXPolicyResourceMapDao; import org.apache.ranger.db.XXResourceDefDao; import org.apache.ranger.db.XXServiceConfigDefDao; import org.apache.ranger.db.XXServiceConfigMapDao; import org.apache.ranger.db.XXServiceDao; import org.apache.ranger.db.XXServiceVersionInfoDao; -import org.apache.ranger.entity.XXAccessTypeDef; -import org.apache.ranger.entity.XXAccessTypeDefGrants; -import org.apache.ranger.entity.XXContextEnricherDef; -import org.apache.ranger.entity.XXDataHist; -import org.apache.ranger.entity.XXDataMaskTypeDef; -import org.apache.ranger.entity.XXEnumDef; -import org.apache.ranger.entity.XXEnumElementDef; -import org.apache.ranger.entity.XXGroup; -import org.apache.ranger.entity.XXPolicy; -import org.apache.ranger.entity.XXPolicyConditionDef; -import org.apache.ranger.entity.XXPolicyItem; -import org.apache.ranger.entity.XXPolicyItemAccess; -import org.apache.ranger.entity.XXPolicyItemCondition; -import org.apache.ranger.entity.XXPolicyItemDataMaskInfo; -import org.apache.ranger.entity.XXPolicyItemGroupPerm; -import org.apache.ranger.entity.XXPolicyItemRowFilterInfo; -import org.apache.ranger.entity.XXPolicyItemUserPerm; -import org.apache.ranger.entity.XXPolicyLabel; -import org.apache.ranger.entity.XXPolicyLabelMap; -import 
org.apache.ranger.entity.XXPolicyResource; -import org.apache.ranger.entity.XXPolicyResourceMap; -import org.apache.ranger.entity.XXResourceDef; -import org.apache.ranger.entity.XXService; -import org.apache.ranger.entity.XXServiceConfigDef; -import org.apache.ranger.entity.XXServiceConfigMap; -import org.apache.ranger.entity.XXServiceDef; -import org.apache.ranger.entity.XXServiceVersionInfo; -import org.apache.ranger.entity.XXTrxLog; -import org.apache.ranger.entity.XXUser; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem; -import org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemDataMaskInfo; -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemRowFilterInfo; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; +import org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem; import org.apache.ranger.plugin.model.RangerPolicyResourceSignature; import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; @@ -150,7 +117,6 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerRowFilterDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef; import org.apache.ranger.plugin.model.validation.RangerServiceDefHelper; -import org.apache.ranger.plugin.policyevaluator.RangerPolicyItemEvaluator; import org.apache.ranger.plugin.store.AbstractServiceStore; import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; import org.apache.ranger.plugin.store.PList; 
@@ -188,6 +154,7 @@ import org.apache.ranger.view.VXPolicyLabelList; import org.apache.ranger.view.VXString; import org.apache.ranger.view.VXUser; import org.apache.ranger.view.VXUserList; +import org.codehaus.jettison.json.JSONException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; @@ -195,14 +162,6 @@ import org.springframework.transaction.PlatformTransactionManager; import org.springframework.transaction.TransactionStatus; import org.springframework.transaction.support.TransactionCallback; import org.springframework.transaction.support.TransactionTemplate; -import org.apache.poi.hssf.usermodel.HSSFWorkbook; -import org.apache.poi.ss.usermodel.Cell; -import org.apache.poi.ss.usermodel.CellStyle; -import org.apache.poi.ss.usermodel.Font; -import org.apache.poi.ss.usermodel.Row; -import org.apache.poi.ss.usermodel.Sheet; -import org.apache.poi.ss.usermodel.Workbook; -import org.codehaus.jettison.json.JSONException; import com.google.gson.Gson; import com.google.gson.GsonBuilder; 
@@ -212,28 +171,30 @@ public class ServiceDBStore extends AbstractServiceStore { private static final Log LOG = LogFactory.getLog(ServiceDBStore.class); private static final String POLICY_ALLOW_EXCLUDE = "Policy Allow:Exclude"; - private static final String POLICY_ALLOW_INCLUDE = "Policy Allow:Include"; - private static final String POLICY_DENY_EXCLUDE = "Policy Deny:Exclude"; - private static final String POLICY_DENY_INCLUDE = "Policy Deny:Include"; - - private static final String POLICY_TYPE_ACCESS = "Access"; - private static final String POLICY_TYPE_DATAMASK = "Masking"; - private static final String POLICY_TYPE_ROWFILTER = "Row Level Filter"; - private static String LOCAL_HOSTNAME = "unknown"; - private static final String HOSTNAME = "Host name"; - private static final String USER_NAME = "Exported by"; - private static final String RANGER_VERSION = "Ranger apache version"; - private static final String TIMESTAMP = "Export time"; - private static final String AMBARI_SERVICE_CHECK_USER = "ambari.service.check.user"; - private static final String SERVICE_ADMIN_USERS = "service.admin.users"; + private static final String POLICY_ALLOW_INCLUDE = "Policy Allow:Include"; + private static final String POLICY_DENY_EXCLUDE = "Policy Deny:Exclude"; + private static final String POLICY_DENY_INCLUDE = "Policy Deny:Include"; + + private static final String POLICY_TYPE_ACCESS = "Access"; + private static final String POLICY_TYPE_DATAMASK = "Masking"; + private static final String POLICY_TYPE_ROWFILTER = "Row Level Filter"; - public static final String CRYPT_ALGO = PropertiesUtil.getProperty("ranger.password.encryption.algorithm", PasswordUtils.DEFAULT_CRYPT_ALGO); - public static final String ENCRYPT_KEY = PropertiesUtil.getProperty("ranger.password.encryption.key", PasswordUtils.DEFAULT_ENCRYPT_KEY); - public static final String SALT = PropertiesUtil.getProperty("ranger.password.salt", PasswordUtils.DEFAULT_SALT); - public static final Integer ITERATION_COUNT = 
PropertiesUtil.getIntProperty("ranger.password.iteration.count", PasswordUtils.DEFAULT_ITERATION_COUNT); + private static String LOCAL_HOSTNAME = "unknown"; + private static final String HOSTNAME = "Host name"; + private static final String USER_NAME = "Exported by"; + private static final String RANGER_VERSION = "Ranger apache version"; + private static final String TIMESTAMP = "Export time"; + + private static final String AMBARI_SERVICE_CHECK_USER = "ambari.service.check.user"; + private static final String SERVICE_ADMIN_USERS = "service.admin.users"; - static { + public static final String CRYPT_ALGO = PropertiesUtil.getProperty("ranger.password.encryption.algorithm", PasswordUtils.DEFAULT_CRYPT_ALGO); + public static final String ENCRYPT_KEY = PropertiesUtil.getProperty("ranger.password.encryption.key", PasswordUtils.DEFAULT_ENCRYPT_KEY); + public static final String SALT = PropertiesUtil.getProperty("ranger.password.salt", PasswordUtils.DEFAULT_SALT); + public static final Integer ITERATION_COUNT = PropertiesUtil.getIntProperty("ranger.password.iteration.count", PasswordUtils.DEFAULT_ITERATION_COUNT); + + static { try { LOCAL_HOSTNAME = java.net.InetAddress.getLocalHost().getCanonicalHostName(); } catch (UnknownHostException e) { @@ -257,7 +218,7 @@ public class ServiceDBStore extends AbstractServiceStore { StringUtil stringUtil; @Autowired - RangerAuditFields rangerAuditFields; + RangerAuditFields<?> rangerAuditFields; @Autowired RangerPolicyService policyService; @@ -271,8 +232,11 @@ public class ServiceDBStore extends AbstractServiceStore { @Autowired XUserMgr xUserMgr; - @Autowired - XGroupService xGroupService; + @Autowired + XGroupService xGroupService; + + @Autowired + PolicyRefUpdater policyRefUpdater; @Autowired RangerDataHistService dataHistService; 
@@ -772,8 +736,8 @@ public class ServiceDBStore extends AbstractServiceStore { } } if (!found) { - List<XXPolicyResource> policyResList = daoMgr.getXXPolicyResource().findByResDefId(xRes.getId()); - if (!stringUtil.isEmpty(policyResList)) { + List<XXPolicyRefResource> xxPolicyRefResource = daoMgr.getXXPolicyRefResource().findByResourceDefID(xRes.getId()); + if (!stringUtil.isEmpty(xxPolicyRefResource)) { throw restErrorUtil.createRESTException("Policy/Policies are referring to this resource: " + xRes.getName() + ". Please remove such references from policy before updating service-def.", MessageEnums.DATA_NOT_UPDATABLE); @@ -859,8 +823,8 @@ public class ServiceDBStore extends AbstractServiceStore { } } if (!found) { - List<XXPolicyItemAccess> polItemAccessList = daoMgr.getXXPolicyItemAccess().findByType(xAccess.getId()); - if(!stringUtil.isEmpty(polItemAccessList)) { + List<XXPolicyRefAccessType> policyRefAccessTypeList = daoMgr.getXXPolicyRefAccessType().findByAccessTypeDefId(xAccess.getId()); + if(!stringUtil.isEmpty(policyRefAccessTypeList)) { throw restErrorUtil.createRESTException("Policy/Policies are referring to this access-type: " + xAccess.getName() + ". Please remove such references from policy before updating service-def.", MessageEnums.DATA_NOT_UPDATABLE); 
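Review bot: The `if (!stringUtil.isEmpty(xxPolicyRefResource))` guard is only as reliable as the `XXPolicyRefResource` rows it reads: a policy that has no ref row for this resource-def would no longer block the service-def update, and the resource would be removed while the policy still names it. Whether every existing policy gets such rows (for example through an upgrade step) is not visible in this diff, so the invariant deserves a comment at the check, e.g. `// relies on a XXPolicyRefResource row existing for every policy that uses this resource-def`. The same dependency applies to the access-type check at @@ -859 and the policy-condition check at @@ -902. Minor: `xxPolicyRefResource` holds a list, so a plural name would match `policyRefAccessTypeList` below. The enclosing method starts and ends outside the hunk.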
@@ -902,15 +866,14 @@ public class ServiceDBStore extends AbstractServiceStore { } } if(!found) { - List<XXPolicyItemCondition> policyItemCondList = daoMgr.getXXPolicyItemCondition() - .findByPolicyConditionDefId(xCondition.getId()); - if(!stringUtil.isEmpty(policyItemCondList)) { + List<XXPolicyRefCondition> xxPolicyRefConditions = daoMgr.getXXPolicyRefCondition().findByConditionDefId(xCondition.getId()); + if(!stringUtil.isEmpty(xxPolicyRefConditions)) { throw restErrorUtil.createRESTException("Policy/Policies are referring to this policy-condition: " + xCondition.getName() + ". Please remove such references from policy before updating service-def.", MessageEnums.DATA_NOT_UPDATABLE); } - for(XXPolicyItemCondition policyItemCond : policyItemCondList) { - daoMgr.getXXPolicyItemCondition().remove(policyItemCond); + for(XXPolicyRefCondition xxPolicyRefCondition : xxPolicyRefConditions) { + daoMgr.getXXPolicyRefCondition().remove(xxPolicyRefCondition); } xxPolCondDao.remove(xCondition); } @@ -1243,9 +1206,9 @@ public class ServiceDBStore extends AbstractServiceStore { List<XXPolicyConditionDef> policyCondList = policyCondDao.findByServiceDefId(serviceDefId); for (XXPolicyConditionDef policyCond : policyCondList) { - List<XXPolicyItemCondition> policyItemCondList = daoMgr.getXXPolicyItemCondition().findByPolicyConditionDefId(policyCond.getId()); - for (XXPolicyItemCondition policyItemCond : policyItemCondList) { - daoMgr.getXXPolicyItemCondition().remove(policyItemCond); + List<XXPolicyRefCondition> xxPolicyRefConditions = daoMgr.getXXPolicyRefCondition().findByConditionDefId(policyCond.getId()); + for (XXPolicyRefCondition XXPolicyRefCondition : xxPolicyRefConditions) { + daoMgr.getXXPolicyRefCondition().remove(XXPolicyRefCondition); } policyCondDao.remove(policyCond); } 
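Review bot: The `for(XXPolicyRefCondition xxPolicyRefCondition : xxPolicyRefConditions)` loop after the guard is dead code: whenever the list has entries, the `throw restErrorUtil.createRESTException(...)` above it fires, so the loop can only ever see an empty list. If `findByConditionDefId` can return null and `stringUtil.isEmpty` accepts null (neither is visible here), the loop would instead fail with a NullPointerException. Dropping the loop leaves `xxPolCondDao.remove(xCondition);` directly after the guard and makes the "refuse while referenced" rule the only path. The enclosing block starts outside the hunk.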
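Review bot: The loop variable in `for (XXPolicyRefCondition XXPolicyRefCondition : xxPolicyRefConditions)` (@@ -1243) is spelled exactly like its type, which compiles but shadows the type name inside the loop and breaks the lowerCamelCase convention used for locals elsewhere in this diff. Rename it as in the @@ -902 hunk: `for (XXPolicyRefCondition xxPolicyRefCondition : xxPolicyRefConditions) {` and `daoMgr.getXXPolicyRefCondition().remove(xxPolicyRefCondition);`. The enclosing method starts and ends outside the hunk.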
@@ -1295,37 +1258,25 @@ public class ServiceDBStore extends AbstractServiceStore { daoMgr.getXXAccessTypeDefGrants().remove(atdGrant); } - List<XXPolicyItemAccess> policyItemAccessList = daoMgr.getXXPolicyItemAccess().findByType(xAccess.getId()); - for (XXPolicyItemAccess policyItemAccess : policyItemAccessList) { - daoMgr.getXXPolicyItemAccess().remove(policyItemAccess); + List<XXPolicyRefAccessType> policyRefAccessTypeList = daoMgr.getXXPolicyRefAccessType().findByAccessTypeDefId(xAccess.getId()); + for (XXPolicyRefAccessType xxPolicyRefAccessType : policyRefAccessTypeList) { + daoMgr.getXXPolicyRefAccessType().remove(xxPolicyRefAccessType); } daoMgr.getXXAccessTypeDef().remove(xAccess); } public void deleteXXResourceDef(XXResourceDef xRes) { - List<XXResourceDef> xChildObjs = daoMgr.getXXResourceDef().findByParentResId(xRes.getId()); for(XXResourceDef childRes : xChildObjs) { deleteXXResourceDef(childRes); } - - List<XXPolicyResource> xxResources = daoMgr.getXXPolicyResource().findByResDefId(xRes.getId()); - for (XXPolicyResource xPolRes : xxResources) { - deleteXXPolicyResource(xPolRes); + List<XXPolicyRefResource> xxPolicyRefResources = daoMgr.getXXPolicyRefResource().findByResourceDefID(xRes.getId()); + for (XXPolicyRefResource xPolRefRes : xxPolicyRefResources) { + daoMgr.getXXPolicyRefResource().remove(xPolRefRes); } - daoMgr.getXXResourceDef().remove(xRes); } - public void deleteXXPolicyResource(XXPolicyResource xPolRes) { - List<XXPolicyResourceMap> polResMapList = daoMgr.getXXPolicyResourceMap().findByPolicyResId(xPolRes.getId()); - XXPolicyResourceMapDao polResMapDao = daoMgr.getXXPolicyResourceMap(); - for (XXPolicyResourceMap xxPolResMap : polResMapList) { - polResMapDao.remove(xxPolResMap); - } - daoMgr.getXXPolicyResource().remove(xPolRes); - } - @Override public RangerServiceDef getServiceDef(Long id) throws Exception { if (LOG.isDebugEnabled()) { 
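Review bot: `deleteXXResourceDef` is public and recursive but has no Javadoc, and after this change it removes only the `XXPolicyRefResource` rows for the resource-def; what happens to the policies that held those references is not shown in the hunk. A short Javadoc should state the contract: child resource-defs are deleted first, then the reference rows, then the def itself, and the caller is responsible for the referring policies. The hunk also drops the public `deleteXXPolicyResource(XXPolicyResource)`; any callers outside this file are not visible here.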
@@ -1479,7 +1430,7 @@ public class ServiceDBStore extends AbstractServiceStore { configValue = stringUtil.getValidUserName(configValue); } xConfMap.setConfigvalue(configValue); - xConfMapDao.create(xConfMap); + xConfMap = xConfMapDao.create(xConfMap); } if (LOG.isDebugEnabled()) { LOG.debug("vXUser:[" + vXUser + "]"); @@ -1605,7 +1556,7 @@ public class ServiceDBStore extends AbstractServiceStore { service = svcService.update(service); if (hasTagServiceValueChanged || hasIsEnabledChanged) { - updatePolicyVersion(service, false); + updatePolicyVersion(service); } } @@ -1713,11 +1664,11 @@ public class ServiceDBStore extends AbstractServiceStore { } List<XXPolicy> policies = daoMgr.getXXPolicy().findByServiceId(service.getId()); - RangerPolicy rangerPolicy =null; + //RangerPolicy rangerPolicy =null; for(XXPolicy policy : policies) { LOG.info("Deleting Policy, policyName: " + policy.getName()); - rangerPolicy = getPolicy(policy.getId()); - deletePolicy(rangerPolicy); + //rangerPolicy = getPolicy(policy.getId()); + deletePolicy(policy.getId()); } XXServiceConfigMapDao configDao = daoMgr.getXXServiceConfigMap(); 
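Review bot: The two commented-out lines in the @@ -1713 hunk, `//RangerPolicy rangerPolicy =null;` and `//rangerPolicy = getPolicy(policy.getId());`, should be deleted rather than kept; version history already preserves the old form. The loop now calls `deletePolicy(policy.getId())`, so service deletion no longer uses the bulk `...Native` deletes of the removed `deletePolicy(RangerPolicy)` overload (@@ -2085). A one-line comment such as `// per-policy delete also cleans the policy ref tables and labels` would record why the id-based overload is used. The enclosing method starts and ends outside the hunk.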
@@ -1875,14 +1826,7 @@ public class ServiceDBStore extends AbstractServiceStore { throw new Exception("policy already exists: ServiceName=" + policy.getService() + "; PolicyName=" + policy.getName() + ". ID=" + existing.getId()); } - Map<String, RangerPolicyResource> resources = policy.getResources(); - List<RangerPolicyItem> policyItems = policy.getPolicyItems(); - List<RangerPolicyItem> denyPolicyItems = policy.getDenyPolicyItems(); - List<RangerPolicyItem> allowExceptions = policy.getAllowExceptions(); - List<RangerPolicyItem> denyExceptions = policy.getDenyExceptions(); - List<RangerDataMaskPolicyItem> dataMaskItems = policy.getDataMaskPolicyItems(); - List<RangerRowFilterPolicyItem> rowFilterItems = policy.getRowFilterPolicyItems(); - List<String> policyLabels = policy.getPolicyLabels(); + List<String> policyLabels = policy.getPolicyLabels(); policy.setVersion(Long.valueOf(1)); updatePolicySignature(policy); 
@@ -1901,18 +1845,9 @@ public class ServiceDBStore extends AbstractServiceStore { } XXPolicy xCreatedPolicy = daoMgr.getXXPolicy().getById(policy.getId()); - - createNewResourcesForPolicy(policy, xCreatedPolicy, resources); - createNewPolicyItemsForPolicy(policy, xCreatedPolicy, policyItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW); - createNewPolicyItemsForPolicy(policy, xCreatedPolicy, denyPolicyItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY); - createNewPolicyItemsForPolicy(policy, xCreatedPolicy, allowExceptions, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS); - createNewPolicyItemsForPolicy(policy, xCreatedPolicy, denyExceptions, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS); - createNewDataMaskPolicyItemsForPolicy(policy, xCreatedPolicy, dataMaskItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DATAMASK); - createNewRowFilterPolicyItemsForPolicy(policy, xCreatedPolicy, rowFilterItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ROWFILTER); - - createNewLabelsForPolicy(xCreatedPolicy, policyLabels); - - handlePolicyUpdate(service, true); + policyRefUpdater.createNewPolMappingForRefTable(policy, xCreatedPolicy, xServiceDef); + createNewLabelsForPolicy(xCreatedPolicy, policyLabels); + handlePolicyUpdate(service); RangerPolicy createdPolicy = policyService.getPopulatedViewObject(xCreatedPolicy); dataHistService.createObjectDataHistory(createdPolicy, RangerDataHistService.ACTION_CREATE); 
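Review bot: Nothing visible in this hunk still rejects a policy that names a user, group, access type or condition that does not exist. The removed `createNewPolicyItemForPolicy` (deleted at @@ -2893) threw in each of those cases, e.g. `user + ": user does not exist. ..."`; that work is now delegated to `policyRefUpdater.createNewPolMappingForRefTable(policy, xCreatedPolicy, xServiceDef)`, whose body is not part of this file. Confirm it fails the transaction on an unknown name rather than skipping the reference, and document that at the call, e.g. `// validates users/groups/access-types/conditions; throws on unknown names`. The same call is used on the update path at @@ -2010, and the enclosing method starts outside the hunk.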
@@ -1993,15 +1928,7 @@ public class ServiceDBStore extends AbstractServiceStore { throw new Exception("another policy already exists with name '" + policy.getName() + "'. ID=" + newNamePolicy.getId()); } } - Map<String, RangerPolicyResource> newResources = policy.getResources(); - List<RangerPolicyItem> policyItems = policy.getPolicyItems(); - List<RangerPolicyItem> denyPolicyItems = policy.getDenyPolicyItems(); - List<RangerPolicyItem> allowExceptions = policy.getAllowExceptions(); - List<RangerPolicyItem> denyExceptions = policy.getDenyExceptions(); - List<RangerDataMaskPolicyItem> dataMaskPolicyItems = policy.getDataMaskPolicyItems(); - List<RangerRowFilterPolicyItem> rowFilterItems = policy.getRowFilterPolicyItems(); - List<String> policyLabels = policy.getPolicyLabels(); - + List<String> policyLabels = policy.getPolicyLabels(); policy.setCreateTime(xxExisting.getCreateTime()); policy.setGuid(xxExisting.getGuid()); policy.setVersion(xxExisting.getVersion()); 
@@ -2010,31 +1937,17 @@ public class ServiceDBStore extends AbstractServiceStore { updatePolicySignature(policy); - boolean isTagVersionUpdateNeeded = false; - if (EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME.equals(service.getType())) { - isTagVersionUpdateNeeded = existing.getIsEnabled() ? !policy.getIsEnabled() : policy.getIsEnabled(); - isTagVersionUpdateNeeded = isTagVersionUpdateNeeded || !StringUtils.equals(existing.getResourceSignature(), policy.getResourceSignature()); - } policy = policyService.update(policy); XXPolicy newUpdPolicy = daoMgr.getXXPolicy().getById(policy.getId()); - deleteExistingPolicyResources(policy); - deleteExistingPolicyItems(policy); - deleteExistingPolicyLabel(policy); - - createNewResourcesForPolicy(policy, newUpdPolicy, newResources); - createNewPolicyItemsForPolicy(policy, newUpdPolicy, policyItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW); - createNewPolicyItemsForPolicy(policy, newUpdPolicy, denyPolicyItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY); - createNewPolicyItemsForPolicy(policy, newUpdPolicy, allowExceptions, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS); - createNewPolicyItemsForPolicy(policy, newUpdPolicy, denyExceptions, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS); - createNewDataMaskPolicyItemsForPolicy(policy, newUpdPolicy, dataMaskPolicyItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DATAMASK); - createNewRowFilterPolicyItemsForPolicy(policy, newUpdPolicy, rowFilterItems, xServiceDef, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ROWFILTER); - createNewLabelsForPolicy(newUpdPolicy, policyLabels); - - handlePolicyUpdate(service, isTagVersionUpdateNeeded); + policyRefUpdater.cleanupRefTables(policy); + deleteExistingPolicyLabel(policy); + policyRefUpdater.createNewPolMappingForRefTable(policy, newUpdPolicy, xServiceDef); + createNewLabelsForPolicy(newUpdPolicy, policyLabels); + 
handlePolicyUpdate(service); RangerPolicy updPolicy = policyService.getPopulatedViewObject(newUpdPolicy); dataHistService.createObjectDataHistory(updPolicy, RangerDataHistService.ACTION_UPDATE); - + bizUtil.createTrxLog(trxLogList); return updPolicy; @@ -2070,13 +1983,11 @@ public class ServiceDBStore extends AbstractServiceStore { policy.setVersion(version); List<XXTrxLog> trxLogList = policyService.getTransactionLog(policy, RangerPolicyService.OPERATION_DELETE_CONTEXT); - - deleteExistingPolicyItems(policy); - deleteExistingPolicyResources(policy); - deleteExistingPolicyLabel(policy); - + + policyRefUpdater.cleanupRefTables(policy); + deleteExistingPolicyLabel(policy); policyService.delete(policy); - handlePolicyUpdate(service, true); + handlePolicyUpdate(service); dataHistService.createObjectDataHistory(policy, RangerDataHistService.ACTION_DELETE); 
@@ -2085,35 +1996,6 @@ public class ServiceDBStore extends AbstractServiceStore { LOG.info("Policy Deleted Successfully. PolicyName : " + policyName); } - public void deletePolicy(RangerPolicy policy) throws Exception { - if(policy == null) { - return; - } - if(LOG.isDebugEnabled()) { - LOG.debug("==> ServiceDBStore.deletePolicy(" + policy.getId() + ")"); - } - RangerService service = getServiceByName(policy.getService()); - if(service == null) { - throw new Exception("service does not exist - name='" + policy.getService()); - } - Long version = policy.getVersion(); - if(version == null) { - version = Long.valueOf(1); - LOG.info("Found Version Value: `null`, so setting value of version to 1, While updating object, version should not be null."); - } else { - version = Long.valueOf(version.longValue() + 1); - } - policy.setVersion(version); - List<XXTrxLog> trxLogList = policyService.getTransactionLog(policy, RangerPolicyService.OPERATION_DELETE_CONTEXT); - deleteExistingPolicyItemsNative(policy); - deleteExistingPolicyResourcesNative(policy); - deleteExistingPolicyLabelNative(policy); - daoMgr.getXXPolicy().deletePolicyIDReference("id",policy.getId()); - handlePolicyUpdate(service, true); - dataHistService.createObjectDataHistory(policy, RangerDataHistService.ACTION_DELETE); - bizUtil.createTrxLog(trxLogList); - } - @Override public RangerPolicy getPolicy(Long id) throws Exception { return policyService.read(id); 
@@ -2814,22 +2696,20 @@ public class ServiceDBStore extends AbstractServiceStore { return validConfigs; } - private void handlePolicyUpdate(RangerService service, boolean isTagVersionUpdateNeeded) throws Exception { - updatePolicyVersion(service, isTagVersionUpdateNeeded); + private void handlePolicyUpdate(RangerService service) throws Exception { + updatePolicyVersion(service); } public enum VERSION_TYPE { POLICY_VERSION, TAG_VERSION, POLICY_AND_TAG_VERSION } - private void updatePolicyVersion(RangerService service, boolean isTagVersionUpdateNeeded) throws Exception { + private void updatePolicyVersion(RangerService service) throws Exception { if(service == null || service.getId() == null) { return; } - boolean filterForServicePlugin = RangerConfiguration.getInstance().getBoolean(RangerTagDBRetriever.OPTION_RANGER_FILTER_TAGS_FOR_SERVICE_PLUGIN, false); - XXServiceDao serviceDao = daoMgr.getXXService(); - XXService serviceDbObj = serviceDao.getById(service.getId()); + final XXService serviceDbObj = serviceDao.getById(service.getId()); if(serviceDbObj == null) { LOG.warn("updatePolicyVersion(serviceId=" + service.getId() + "): service not found"); @@ -2852,7 +2732,7 @@ public class ServiceDBStore extends AbstractServiceStore { if(CollectionUtils.isNotEmpty(referringServices)) { for(XXService referringService : referringServices) { final Long referringServiceId = referringService.getId(); - final VERSION_TYPE tagServiceversionType = filterForServicePlugin && isTagVersionUpdateNeeded ? VERSION_TYPE.POLICY_AND_TAG_VERSION : VERSION_TYPE.POLICY_VERSION; + final VERSION_TYPE tagServiceversionType = VERSION_TYPE.POLICY_VERSION; Runnable tagServiceVersionUpdater = new ServiceVersionUpdater(daoManager, referringServiceId, tagServiceversionType); transactionSynchronizationAdapter.executeOnTransactionCommit(tagServiceVersionUpdater); 
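Review bot: In the @@ -2852 hunk `tagServiceversionType` is now always `VERSION_TYPE.POLICY_VERSION`, so a change to a tag-service policy never bumps the tag version of referring services, even when `RangerTagDBRetriever.OPTION_RANGER_FILTER_TAGS_FOR_SERVICE_PLUGIN` is enabled. Before this change that option, combined with a create/delete or the enabled/resource-signature comparison removed from the update path (@@ -2010), selected `POLICY_AND_TAG_VERSION`. If plugins still receive tags filtered per service, they may keep evaluating access against a stale tag set; if that filtering no longer depends on policies, record it where the constant is assigned, e.g. `// tag version no longer depends on policy changes: <reason>`. `handlePolicyUpdate` (@@ -2814) is now a pure pass-through to `updatePolicyVersion` and could be folded into its callers. The body of `updatePolicyVersion` continues outside the hunk.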
@@ -2893,352 +2773,40 @@ public class ServiceDBStore extends AbstractServiceStore { } } - private XXPolicyItem createNewPolicyItemForPolicy(RangerPolicy policy, XXPolicy xPolicy, RangerPolicyItem policyItem, XXServiceDef xServiceDef, int itemOrder, int policyItemType) throws Exception { - XXPolicyItem xPolicyItem = new XXPolicyItem(); - - xPolicyItem = rangerAuditFields.populateAuditFields(xPolicyItem, xPolicy); - - xPolicyItem.setDelegateAdmin(policyItem.getDelegateAdmin()); - xPolicyItem.setItemType(policyItemType); - xPolicyItem.setIsEnabled(Boolean.TRUE); - xPolicyItem.setComments(null); - xPolicyItem.setPolicyId(policy.getId()); - xPolicyItem.setOrder(itemOrder); - xPolicyItem = daoMgr.getXXPolicyItem().create(xPolicyItem); - - List<RangerPolicyItemAccess> accesses = policyItem.getAccesses(); - for (int i = 0; i < accesses.size(); i++) { - RangerPolicyItemAccess access = accesses.get(i); - - XXAccessTypeDef xAccTypeDef = daoMgr.getXXAccessTypeDef() - .findByNameAndServiceId(access.getType(), - xPolicy.getService()); - if (xAccTypeDef == null) { - throw new Exception(access.getType() + ": is not a valid access-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'"); - } - - XXPolicyItemAccess xPolItemAcc = new XXPolicyItemAccess(); - - xPolItemAcc = (XXPolicyItemAccess) rangerAuditFields.populateAuditFields(xPolItemAcc, xPolicyItem); - xPolItemAcc.setIsAllowed(access.getIsAllowed()); - xPolItemAcc.setType(xAccTypeDef.getId()); - xPolItemAcc.setPolicyitemid(xPolicyItem.getId()); - xPolItemAcc.setOrder(i); - - daoMgr.getXXPolicyItemAccess().create(xPolItemAcc); - } - - List<String> users = policyItem.getUsers(); - for(int i = 0; i < users.size(); i++) { - String user = users.get(i); - if (StringUtils.isBlank(user)) { - continue; - } - XXUser xUser = daoMgr.getXXUser().findByUserName(user); - if(xUser == null) { - throw new Exception(user + ": user does not exist. 
policy='"+ policy.getName() + "' service='"+ policy.getService() + "' user='" + user +"'"); - } - XXPolicyItemUserPerm xUserPerm = new XXPolicyItemUserPerm(); - xUserPerm = rangerAuditFields.populateAuditFields(xUserPerm, xPolicyItem); - xUserPerm.setUserId(xUser.getId()); - xUserPerm.setPolicyItemId(xPolicyItem.getId()); - xUserPerm.setOrder(i); - xUserPerm = daoMgr.getXXPolicyItemUserPerm().create(xUserPerm); - } - - List<String> groups = policyItem.getGroups(); - for(int i = 0; i < groups.size(); i++) { - String group = groups.get(i); - if (StringUtils.isBlank(group)) { - continue; - } - XXGroup xGrp = daoMgr.getXXGroup().findByGroupName(group); - if(xGrp == null) { - throw new Exception(group + ": group does not exist. policy='"+ policy.getName() + "' service='"+ policy.getService() + "' group='" + group + "'"); - } - XXPolicyItemGroupPerm xGrpPerm = new XXPolicyItemGroupPerm(); - xGrpPerm = rangerAuditFields.populateAuditFields(xGrpPerm, xPolicyItem); - xGrpPerm.setGroupId(xGrp.getId()); - xGrpPerm.setPolicyItemId(xPolicyItem.getId()); - xGrpPerm.setOrder(i); - xGrpPerm = daoMgr.getXXPolicyItemGroupPerm().create(xGrpPerm); - } - - List<RangerPolicyItemCondition> conditions = policyItem.getConditions(); - for(RangerPolicyItemCondition condition : conditions) { - XXPolicyConditionDef xPolCond = daoMgr - .getXXPolicyConditionDef().findByServiceDefIdAndName( - xServiceDef.getId(), condition.getType()); - - if(xPolCond == null) { - throw new Exception(condition.getType() + ": is not a valid condition-type. 
policy='"+ xPolicy.getName() + "' service='"+ xPolicy.getService() + "'"); - } - - for(int i = 0; i < condition.getValues().size(); i++) { - String value = condition.getValues().get(i); - XXPolicyItemCondition xPolItemCond = new XXPolicyItemCondition(); - xPolItemCond = rangerAuditFields.populateAuditFields(xPolItemCond, xPolicyItem); - xPolItemCond.setPolicyItemId(xPolicyItem.getId()); - xPolItemCond.setType(xPolCond.getId()); - xPolItemCond.setValue(value); - xPolItemCond.setOrder(i); - - daoMgr.getXXPolicyItemCondition().create(xPolItemCond); - } - } - - return xPolicyItem; - } - - private void createNewPolicyItemsForPolicy(RangerPolicy policy, XXPolicy xPolicy, List<RangerPolicyItem> policyItems, XXServiceDef xServiceDef, int policyItemType) throws Exception { - if(CollectionUtils.isNotEmpty(policyItems)) { - for (int itemOrder = 0; itemOrder < policyItems.size(); itemOrder++) { - RangerPolicyItem policyItem = policyItems.get(itemOrder); - createNewPolicyItemForPolicy(policy, xPolicy, policyItem, xServiceDef, itemOrder, policyItemType); - } - } - } - - private void createNewDataMaskPolicyItemsForPolicy(RangerPolicy policy, XXPolicy xPolicy, List<RangerDataMaskPolicyItem> policyItems, XXServiceDef xServiceDef, int policyItemType) throws Exception { - if(CollectionUtils.isNotEmpty(policyItems)) { - for (int itemOrder = 0; itemOrder < policyItems.size(); itemOrder++) { - RangerDataMaskPolicyItem policyItem = policyItems.get(itemOrder); - - XXPolicyItem xPolicyItem = createNewPolicyItemForPolicy(policy, xPolicy, policyItem, xServiceDef, itemOrder, policyItemType); - - RangerPolicyItemDataMaskInfo dataMaskInfo = policyItem.getDataMaskInfo(); - - if(dataMaskInfo != null) { - XXDataMaskTypeDef dataMaskDef = daoMgr.getXXDataMaskTypeDef().findByNameAndServiceId(dataMaskInfo.getDataMaskType(), xPolicy.getService()); - - if(dataMaskDef == null) { - throw new Exception(dataMaskInfo.getDataMaskType() + ": is not a valid datamask-type. 
policy='" + policy.getName() + "' service='" + policy.getService() + "'"); - } - - XXPolicyItemDataMaskInfo xxDataMaskInfo = new XXPolicyItemDataMaskInfo(); - - xxDataMaskInfo.setPolicyItemId(xPolicyItem.getId()); - xxDataMaskInfo.setType(dataMaskDef.getId()); - xxDataMaskInfo.setConditionExpr(dataMaskInfo.getConditionExpr()); - xxDataMaskInfo.setValueExpr(dataMaskInfo.getValueExpr()); - - daoMgr.getXXPolicyItemDataMaskInfo().create(xxDataMaskInfo); + private void createNewLabelsForPolicy(XXPolicy xPolicy, List<String> policyLabels) throws Exception { + for (String policyLabel : policyLabels) { + XXPolicyLabel xXPolicyLabel = daoMgr.getXXPolicyLabels().findByName(policyLabel); + if (xXPolicyLabel == null) { + xXPolicyLabel = new XXPolicyLabel(); + if (StringUtils.isNotEmpty(policyLabel)) { + xXPolicyLabel.setPolicyLabel(policyLabel); + xXPolicyLabel = rangerAuditFields.populateAuditFieldsForCreate(xXPolicyLabel); + xXPolicyLabel = daoMgr.getXXPolicyLabels().create(xXPolicyLabel); } } - } - } - - private void createNewRowFilterPolicyItemsForPolicy(RangerPolicy policy, XXPolicy xPolicy, List<RangerRowFilterPolicyItem> policyItems, XXServiceDef xServiceDef, int policyItemType) throws Exception { - if(CollectionUtils.isNotEmpty(policyItems)) { - for (int itemOrder = 0; itemOrder < policyItems.size(); itemOrder++) { - RangerRowFilterPolicyItem policyItem = policyItems.get(itemOrder); - - XXPolicyItem xPolicyItem = createNewPolicyItemForPolicy(policy, xPolicy, policyItem, xServiceDef, itemOrder, policyItemType); - - RangerPolicyItemRowFilterInfo dataMaskInfo = policyItem.getRowFilterInfo(); - - if(dataMaskInfo != null) { - XXPolicyItemRowFilterInfo xxRowFilterInfo = new XXPolicyItemRowFilterInfo(); - - xxRowFilterInfo.setPolicyItemId(xPolicyItem.getId()); - xxRowFilterInfo.setFilterExpr(dataMaskInfo.getFilterExpr()); - - xxRowFilterInfo = daoMgr.getXXPolicyItemRowFilterInfo().create(xxRowFilterInfo); - } - } - } - } - - private void 
createNewResourcesForPolicy(RangerPolicy policy, XXPolicy xPolicy, Map<String, RangerPolicyResource> resources) throws Exception { - - for (Entry<String, RangerPolicyResource> resource : resources.entrySet()) { - RangerPolicyResource policyRes = resource.getValue(); - - XXResourceDef xResDef = daoMgr.getXXResourceDef() - .findByNameAndPolicyId(resource.getKey(), policy.getId()); - if (xResDef == null) { - throw new Exception(resource.getKey() + ": is not a valid resource-type. policy='"+ policy.getName() + "' service='"+ policy.getService() + "'"); - } - - XXPolicyResource xPolRes = new XXPolicyResource(); - xPolRes = rangerAuditFields.populateAuditFields(xPolRes, xPolicy); - - xPolRes.setIsExcludes(policyRes.getIsExcludes()); - xPolRes.setIsRecursive(policyRes.getIsRecursive()); - xPolRes.setPolicyId(policy.getId()); - xPolRes.setResDefId(xResDef.getId()); - xPolRes = daoMgr.getXXPolicyResource().create(xPolRes); - - List<String> values = policyRes.getValues(); - if (CollectionUtils.isNotEmpty(values)) { - Set<String> uniqueValues = new LinkedHashSet<String>(values); - int i = 0; - if (CollectionUtils.isNotEmpty(uniqueValues)) { - for (String uniqValue : uniqueValues) { - if (!StringUtils.isEmpty(uniqValue)) { - XXPolicyResourceMap xPolResMap = new XXPolicyResourceMap(); - xPolResMap = (XXPolicyResourceMap) rangerAuditFields.populateAuditFields(xPolResMap, - xPolRes); - xPolResMap.setResourceId(xPolRes.getId()); - xPolResMap.setValue(uniqValue); - xPolResMap.setOrder(i); - xPolResMap = daoMgr.getXXPolicyResourceMap().create(xPolResMap); - i++; - - } - } - } - } - } - } - - private void createNewLabelsForPolicy(XXPolicy xPolicy, List<String> policyLabels) - throws Exception { - for (String policyLabel : policyLabels) { - XXPolicyLabel xXPolicyLabel = daoMgr.getXXPolicyLabels().findByName(policyLabel); - if (xXPolicyLabel == null) { - xXPolicyLabel = new XXPolicyLabel(); - if (StringUtils.isNotEmpty(policyLabel)) { - xXPolicyLabel.setPolicyLabel(policyLabel); - 
xXPolicyLabel = rangerAuditFields.populateAuditFieldsForCreate(xXPolicyLabel); - xXPolicyLabel = daoMgr.getXXPolicyLabels().create(xXPolicyLabel); - } - } - if (xXPolicyLabel.getId() != null) { - XXPolicyLabelMap xxPolicyLabelMap = new XXPolicyLabelMap(); - xxPolicyLabelMap.setPolicyId(xPolicy.getId()); - xxPolicyLabelMap.setPolicyLabelId(xXPolicyLabel.getId()); - xxPolicyLabelMap = rangerAuditFields.populateAuditFieldsForCreate(xxPolicyLabelMap); - xxPolicyLabelMap = daoMgr.getXXPolicyLabelMap().create(xxPolicyLabelMap); - } - } - } - - - private Boolean deleteExistingPolicyItems(RangerPolicy policy) { - if(policy == null) { - return false; - } - - XXPolicyItemDao policyItemDao = daoMgr.getXXPolicyItem(); - List<XXPolicyItem> policyItems = policyItemDao.findByPolicyId(policy.getId()); - for(XXPolicyItem policyItem : policyItems) { - Long polItemId = policyItem.getId(); - - XXPolicyItemConditionDao polCondDao = daoMgr.getXXPolicyItemCondition(); - List<XXPolicyItemCondition> conditions = polCondDao.findByPolicyItemId(polItemId); - for(XXPolicyItemCondition condition : conditions) { - polCondDao.remove(condition); - } - - XXPolicyItemGroupPermDao grpPermDao = daoMgr.getXXPolicyItemGroupPerm(); - List<XXPolicyItemGroupPerm> groups = grpPermDao.findByPolicyItemId(polItemId); - for(XXPolicyItemGroupPerm group : groups) { - grpPermDao.remove(group); - } - - XXPolicyItemUserPermDao userPermDao = daoMgr.getXXPolicyItemUserPerm(); - List<XXPolicyItemUserPerm> users = userPermDao.findByPolicyItemId(polItemId); - for(XXPolicyItemUserPerm user : users) { - userPermDao.remove(user); + if (xXPolicyLabel.getId() != null) { + XXPolicyLabelMap xxPolicyLabelMap = new XXPolicyLabelMap(); + xxPolicyLabelMap.setPolicyId(xPolicy.getId()); + xxPolicyLabelMap.setPolicyLabelId(xXPolicyLabel.getId()); + xxPolicyLabelMap = rangerAuditFields.populateAuditFieldsForCreate(xxPolicyLabelMap); + xxPolicyLabelMap = daoMgr.getXXPolicyLabelMap().create(xxPolicyLabelMap); } - - XXPolicyItemAccessDao 
polItemAccDao = daoMgr.getXXPolicyItemAccess(); - List<XXPolicyItemAccess> accesses = polItemAccDao.findByPolicyItemId(polItemId); - for(XXPolicyItemAccess access : accesses) { - polItemAccDao.remove(access); - } - - XXPolicyItemDataMaskInfoDao polItemDataMaskInfoDao = daoMgr.getXXPolicyItemDataMaskInfo(); - List<XXPolicyItemDataMaskInfo> dataMaskInfos = polItemDataMaskInfoDao.findByPolicyItemId(polItemId); - for(XXPolicyItemDataMaskInfo dataMaskInfo : dataMaskInfos) { - polItemDataMaskInfoDao.remove(dataMaskInfo); - } - - XXPolicyItemRowFilterInfoDao polItemRowFilterInfoDao = daoMgr.getXXPolicyItemRowFilterInfo(); - List<XXPolicyItemRowFilterInfo> rowFilterInfos = polItemRowFilterInfoDao.findByPolicyItemId(polItemId); - for(XXPolicyItemRowFilterInfo rowFilterInfo : rowFilterInfos) { - polItemRowFilterInfoDao.remove(rowFilterInfo); - } - - policyItemDao.remove(policyItem); } - return true; } - private Boolean deleteExistingPolicyResources(RangerPolicy policy) { - if(policy == null) { + private Boolean deleteExistingPolicyLabel(RangerPolicy policy) { + if (policy == null) { return false; } - - List<XXPolicyResource> resources = daoMgr.getXXPolicyResource().findByPolicyId(policy.getId()); - - XXPolicyResourceDao resDao = daoMgr.getXXPolicyResource(); - for(XXPolicyResource resource : resources) { - List<XXPolicyResourceMap> resMapList = daoMgr.getXXPolicyResourceMap().findByPolicyResId(resource.getId()); - - XXPolicyResourceMapDao resMapDao = daoMgr.getXXPolicyResourceMap(); - for(XXPolicyResourceMap resMap : resMapList) { - resMapDao.remove(resMap); - } - resDao.remove(resource); - } - return true; - } - - private Boolean deleteExistingPolicyLabel(RangerPolicy policy) { - if (policy == null) { - return false; - } - - List<XXPolicyLabelMap> xxPolicyLabelMaps = daoMgr.getXXPolicyLabelMap().findByPolicyId(policy.getId()); - XXPolicyLabelMapDao policyLabelMapDao = daoMgr.getXXPolicyLabelMap(); - for (XXPolicyLabelMap xxPolicyLabelMap : xxPolicyLabelMaps) { - 
policyLabelMapDao.remove(xxPolicyLabelMap); - } - return true; - } - - - private Boolean deleteExistingPolicyItemsNative(RangerPolicy policy) { - if(policy == null) { - return false; - } - XXPolicyItemDao policyItemDao = daoMgr.getXXPolicyItem(); - List<XXPolicyItem> policyItems = policyItemDao.findByPolicyId(policy.getId()); - for(XXPolicyItem policyItem : policyItems) { - Long polItemId = policyItem.getId(); - daoMgr.getXXPolicyItemRowFilterInfo().deletePolicyIDReference("policy_item_id", polItemId); - daoMgr.getXXPolicyItemDataMaskInfo().deletePolicyIDReference("policy_item_id", polItemId); - daoMgr.getXXPolicyItemGroupPerm().deletePolicyIDReference("policy_item_id", polItemId); - daoMgr.getXXPolicyItemUserPerm().deletePolicyIDReference("policy_item_id", polItemId); - daoMgr.getXXPolicyItemCondition().deletePolicyIDReference("policy_item_id", polItemId); - daoMgr.getXXPolicyItemAccess().deletePolicyIDReference("policy_item_id", polItemId); - } - daoMgr.getXXPolicyItem().deletePolicyIDReference("policy_id", policy.getId()); - return true; - } - private Boolean deleteExistingPolicyResourcesNative(RangerPolicy policy) { - if(policy == null) { - return false; - } - List<XXPolicyResource> resources = daoMgr.getXXPolicyResource().findByPolicyId(policy.getId()); - for(XXPolicyResource resource : resources) { - daoMgr.getXXPolicyResourceMap().deletePolicyIDReference("resource_id", resource.getId()); - daoMgr.getXXPolicyResource().deletePolicyIDReference("id", resource.getId()); + List<XXPolicyLabelMap> xxPolicyLabelMaps = daoMgr.getXXPolicyLabelMap().findByPolicyId(policy.getId()); + XXPolicyLabelMapDao policyLabelMapDao = daoMgr.getXXPolicyLabelMap(); + for (XXPolicyLabelMap xxPolicyLabelMap : xxPolicyLabelMaps) { + policyLabelMapDao.remove(xxPolicyLabelMap); } return true; } - private Boolean deleteExistingPolicyLabelNative(RangerPolicy policy) { - if(policy == null) { - return false; - } - daoMgr.getXXPolicyLabelMap().deletePolicyIDReference("policy_id", 
policy.getId()); - return true; - } - @Override public Boolean getPopulateExistingBaseFields() { return populateExistingBaseFields; @@ -3631,8 +3199,8 @@ public class ServiceDBStore extends AbstractServiceStore { StringBuffer sbIsRecursive = new StringBuffer(); StringBuffer sbIsExcludes = new StringBuffer(); Map<String, RangerPolicyResource> resources = policy.getResources(); - RangerPolicyItemDataMaskInfo dataMaskInfo = new RangerPolicyItemDataMaskInfo(); - RangerPolicyItemRowFilterInfo filterInfo = new RangerPolicyItemRowFilterInfo(); + RangerPolicy.RangerPolicyItemDataMaskInfo dataMaskInfo = new RangerPolicy.RangerPolicyItemDataMaskInfo(); + RangerPolicy.RangerPolicyItemRowFilterInfo filterInfo = new RangerPolicy.RangerPolicyItemRowFilterInfo(); policyName = policy.getName(); policyName = policyName.replace("|", ""); if (resources != null) { @@ -3953,8 +3521,8 @@ public class ServiceDBStore extends AbstractServiceStore { StringBuffer sbIsRecursive = new StringBuffer(); StringBuffer sbIsExcludes = new StringBuffer(); Map<String, RangerPolicyResource> resources = policy.getResources(); - RangerPolicyItemDataMaskInfo dataMaskInfo = new RangerPolicyItemDataMaskInfo(); - RangerPolicyItemRowFilterInfo filterInfo = new RangerPolicyItemRowFilterInfo(); + RangerPolicy.RangerPolicyItemDataMaskInfo dataMaskInfo = new RangerPolicy.RangerPolicyItemDataMaskInfo(); + RangerPolicy.RangerPolicyItemRowFilterInfo filterInfo = new RangerPolicy.RangerPolicyItemRowFilterInfo(); cell = row.createCell(1); cell.setCellValue(policy.getName()); cell = row.createCell(2);
http://git-wip-us.apache.org/repos/asf/ranger/blob/9e6b41e5/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
index d29df93..3cc4765 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
@@ -21,35 +21,26 @@ package org.apache.ranger.biz; import java.util.ArrayList; import java.util.Arrays; -import java.util.HashMap; import java.util.List; import java.util.Map; import org.apache.commons.collections.CollectionUtils; -import org.apache.commons.collections.MapUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.ranger.authorization.utils.JsonUtils; import org.apache.ranger.common.GUIDUtil; import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.RESTErrorUtil; import org.apache.ranger.common.RangerAdminTagEnricher; import org.apache.ranger.common.RangerServiceTagsCache; import org.apache.ranger.db.RangerDaoManager; -import org.apache.ranger.entity.XXResourceDef; import org.apache.ranger.entity.XXService; -import org.apache.ranger.entity.XXServiceDef; import org.apache.ranger.entity.XXServiceResource; import org.apache.ranger.entity.XXServiceVersionInfo; import org.apache.ranger.entity.XXTag; -import org.apache.ranger.entity.XXTagAttribute; -import org.apache.ranger.entity.XXTagAttributeDef; -import org.apache.ranger.entity.XXServiceResourceElement; -import org.apache.ranger.entity.XXServiceResourceElementValue; import org.apache.ranger.entity.XXTagResourceMap; import org.apache.ranger.plugin.model.*; -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; -import org.apache.ranger.plugin.model.RangerTagDef.RangerTagAttributeDef; import org.apache.ranger.plugin.model.validation.RangerValidityScheduleValidator; import org.apache.ranger.plugin.model.validation.ValidationFailureDetails; import org.apache.ranger.plugin.store.AbstractTagStore; @@ -119,8 +110,6 @@ public class TagDBStore extends AbstractTagStore { RangerTagDef ret = rangerTagDefService.create(tagDef); - createTagAttributeDefs(ret.getId(), tagDef.getAttributeDefs()); - ret = rangerTagDefService.read(ret.getId()); if (LOG.isDebugEnabled()) { 
@@ -140,6 +129,8 @@ public class TagDBStore extends AbstractTagStore { if (existing == null) { throw errorUtil.createRESTException("failed to update tag-def [" + tagDef.getName() + "], Reason: No TagDef found with id: [" + tagDef.getId() + "]", MessageEnums.DATA_NOT_UPDATABLE); + } else if (!existing.getName().equals(tagDef.getName())) { + throw errorUtil.createRESTException("Cannot change tag-def name; existing-name:[" + existing.getName() + "], new-name:[" + tagDef.getName() + "]", MessageEnums.DATA_NOT_UPDATABLE); } tagDef.setCreatedBy(existing.getCreatedBy()); @@ -149,10 +140,6 @@ public class TagDBStore extends AbstractTagStore { RangerTagDef ret = rangerTagDefService.update(tagDef); - // TODO: delete attributes might fail; so instead of delete+create, following should be updated to deal with only attributes that changed - deleteTagAttributeDefs(ret.getId()); - createTagAttributeDefs(ret.getId(), tagDef.getAttributeDefs()); - ret = rangerTagDefService.read(ret.getId()); if (LOG.isDebugEnabled()) { @@ -176,7 +163,6 @@ public class TagDBStore extends AbstractTagStore { LOG.debug("Deleting tag-def [name=" + name + "; id=" + tagDef.getId() + "]"); } - deleteTagAttributeDefs(tagDef.getId()); rangerTagDefService.delete(tagDef); } } @@ -196,7 +182,6 @@ public class TagDBStore extends AbstractTagStore { RangerTagDef tagDef = rangerTagDefService.read(id); if(tagDef != null) { - deleteTagAttributeDefs(tagDef.getId()); rangerTagDefService.delete(tagDef); } } @@ -311,8 +296,6 @@ public class TagDBStore extends AbstractTagStore { RangerTag ret = rangerTagService.create(tag); - createTagAttributes(ret.getId(), tag.getAttributes()); - ret = rangerTagService.read(ret.getId()); if (LOG.isDebugEnabled()) { 
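Review bot: The new rename guard dereferences `existing.getName()` without a null check, so a stored tag-def whose name is null would raise a NullPointerException instead of the intended REST error. `StringUtils` is already imported in this file, and `} else if (!StringUtils.equals(existing.getName(), tagDef.getName())) {` keeps the same check null-safe. The message also echoes the caller-supplied name verbatim, as the message above it does, which matters only if these strings are rendered unescaped in the admin UI. The enclosing update method starts and ends outside the hunk.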
@@ -343,9 +326,6 @@ public class TagDBStore extends AbstractTagStore { RangerTag ret = rangerTagService.update(tag); - deleteTagAttributes(existing.getId()); - createTagAttributes(existing.getId(), tag.getAttributes()); - ret = rangerTagService.read(ret.getId()); if (LOG.isDebugEnabled()) { @@ -363,8 +343,6 @@ public class TagDBStore extends AbstractTagStore { RangerTag tag = rangerTagService.read(id); - deleteTagAttributes(id); - rangerTagService.delete(tag); if (LOG.isDebugEnabled()) { @@ -504,8 +482,6 @@ public class TagDBStore extends AbstractTagStore { RangerServiceResource ret = rangerServiceResourceService.create(resource); - createResourceForServiceResource(ret.getId(), resource); - ret = rangerServiceResourceService.read(ret.getId()); if (LOG.isDebugEnabled()) { @@ -533,9 +509,6 @@ public class TagDBStore extends AbstractTagStore { resource.setResourceSignature(serializer.getSignature()); } - boolean serviceResourceElementUpdateNeeded = - !StringUtils.equals(existing.getResourceSignature(), resource.getResourceSignature()); - resource.setCreatedBy(existing.getCreatedBy()); resource.setCreateTime(existing.getCreateTime()); resource.setGuid(existing.getGuid()); @@ -543,11 +516,6 @@ public class TagDBStore extends AbstractTagStore { rangerServiceResourceService.update(resource); - if (serviceResourceElementUpdateNeeded) { - deleteResourceForServiceResource(existing.getId()); - createResourceForServiceResource(existing.getId(), resource); - } - RangerServiceResource ret = rangerServiceResourceService.read(existing.getId()); if (LOG.isDebugEnabled()) { 
@@ -557,6 +525,24 @@ public class TagDBStore extends AbstractTagStore { return ret; } + + @Override + public void refreshServiceResource(Long resourceId) throws Exception { + XXServiceResource serviceResourceEntity = daoManager.getXXServiceResource().getById(resourceId); + String tagsText = null; + + List<RangerTagResourceMap> tagResourceMaps = getTagResourceMapsForResourceId(resourceId); + if (tagResourceMaps != null) { + List<RangerTag> associatedTags = new ArrayList<>(); + for (RangerTagResourceMap element : tagResourceMaps) { + associatedTags.add(getTag(element.getTagId())); + } + tagsText = JsonUtils.listToJson(associatedTags); + } + serviceResourceEntity.setTags(tagsText); + daoManager.getXXServiceResource().update(serviceResourceEntity); + } + @Override public void deleteServiceResource(Long id) throws Exception { if (LOG.isDebugEnabled()) { @@ -566,7 +552,6 @@ public class TagDBStore extends AbstractTagStore { RangerServiceResource resource = getServiceResource(id); if(resource != null) { - deleteResourceForServiceResource(resource.getId()); rangerServiceResourceService.delete(resource); } @@ -584,7 +569,6 @@ public class TagDBStore extends AbstractTagStore { RangerServiceResource resource = getServiceResourceByGuid(guid); if(resource != null) { - deleteResourceForServiceResource(resource.getId()); rangerServiceResourceService.delete(resource); } @@ -725,6 +709,9 @@ public class TagDBStore extends AbstractTagStore { RangerTagResourceMap ret = rangerTagResourceMapService.create(tagResourceMap); + // We also need to update tags stored with the resource + refreshServiceResource(tagResourceMap.getResourceId()); + if (LOG.isDebugEnabled()) { LOG.debug("<== TagDBStore.createTagResourceMap(" + tagResourceMap + "): " + ret); } 
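Review bot: `refreshServiceResource` uses the result of `daoManager.getXXServiceResource().getById(resourceId)` unchecked, so an unknown or already-deleted resource id ends in a NullPointerException at `serviceResourceEntity.setTags(tagsText)`. As a public `@Override` entry point it should reject that case explicitly right after the lookup, e.g. `if (serviceResourceEntity == null) { throw errorUtil.createRESTException("No service-resource found with id: [" + resourceId + "]", MessageEnums.DATA_NOT_FOUND); }`. `getTag(element.getTagId())` can presumably come back null as well; skipping null results before `JsonUtils.listToJson(associatedTags)` would keep null entries out of the stored JSON.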
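Review bot: The stored tag copy is refreshed only when a tag-resource map is created here and deleted in the next hunk, while the `updateTag` hunk earlier in this diff removes the attribute rewrite and adds no refresh. If the JSON written by `refreshServiceResource` includes tag attributes and is what consumers of the resource row read, an attribute edit would leave the old values in place for tag-based policies. Either call `refreshServiceResource` for every resource mapped to the updated tag, or add a comment next to this call explaining why the copy cannot go stale. The enclosing method starts outside the hunk.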
@@ -747,6 +734,8 @@ public class TagDBStore extends AbstractTagStore { if (tag.getOwner() == RangerTag.OWNER_SERVICERESOURCE) { deleteTag(tagId); } + // We also need to update tags stored with the resource + refreshServiceResource(tagResourceMap.getResourceId()); if (LOG.isDebugEnabled()) { LOG.debug("<== TagDBStore.deleteTagResourceMap(" + id + ")"); @@ -1002,31 +991,7 @@ public class TagDBStore extends AbstractTagStore { Map<Long, RangerTagDef> tagDefMap = tagDBRetriever.getTagDefs(); Map<Long, RangerTag> tagMap = tagDBRetriever.getTags(); List<RangerServiceResource> resources = tagDBRetriever.getServiceResources(); - List<RangerTagResourceMap> tagResourceMaps = tagDBRetriever.getTagResourceMaps(); - - Map<Long, List<Long>> resourceToTagIds = new HashMap<Long, List<Long>>(); - - if (CollectionUtils.isNotEmpty(tagResourceMaps)) { - Long resourceId = null; - List<Long> tagIds = null; - - for (RangerTagResourceMap tagResourceMap : tagResourceMaps) { - if (!tagResourceMap.getResourceId().equals(resourceId)) { - if (resourceId != null) { - resourceToTagIds.put(resourceId, tagIds); - } - - resourceId = tagResourceMap.getResourceId(); - tagIds = new ArrayList<Long>(); - } - - tagIds.add(tagResourceMap.getTagId()); - } - - if (resourceId != null) { - resourceToTagIds.put(resourceId, tagIds); - } - } + Map<Long, List<Long>> resourceToTagIds = tagDBRetriever.getResourceToTagIds(); ret = new ServiceTags(); 
@@ -1045,159 +1010,6 @@ public class TagDBStore extends AbstractTagStore { } - private List<XXTagAttributeDef> createTagAttributeDefs(Long tagDefId, List<RangerTagAttributeDef> tagAttrDefList) { - if (LOG.isDebugEnabled()) { - LOG.debug("==> TagDBStore.createTagAttributeDefs(" + tagDefId + ", attributeDefCount=" + (tagAttrDefList == null ? 0 : tagAttrDefList.size()) + ")"); - } - - if (tagDefId == null) { - throw errorUtil.createRESTException("TagDBStore.createTagAttributeDefs(): Error creating tag-attr def. tagDefId can not be null.", MessageEnums.ERROR_CREATING_OBJECT); - } - - List<XXTagAttributeDef> ret = new ArrayList<XXTagAttributeDef>(); - - if (CollectionUtils.isNotEmpty(tagAttrDefList)) { - for (RangerTagDef.RangerTagAttributeDef attrDef : tagAttrDefList) { - XXTagAttributeDef xAttrDef = new XXTagAttributeDef(); - - xAttrDef.setTagDefId(tagDefId); - xAttrDef.setName(attrDef.getName()); - xAttrDef.setType(attrDef.getType()); - xAttrDef = rangerAuditFields.populateAuditFieldsForCreate(xAttrDef); - - xAttrDef = daoManager.getXXTagAttributeDef().create(xAttrDef); - - ret.add(xAttrDef); - } - } - - if (LOG.isDebugEnabled()) { - LOG.debug("<== TagDBStore.createTagAttributeDefs(" + tagDefId + ", attributeDefCount=" + (tagAttrDefList == null ? 
0 : tagAttrDefList.size()) + "): retCount=" + ret.size()); - } - - return ret; - } - - private void deleteTagAttributeDefs(Long tagDefId) { - if (LOG.isDebugEnabled()) { - LOG.debug("==> TagDBStore.deleteTagAttributeDefs(" + tagDefId + ")"); - } - - if (tagDefId != null) { - List<XXTagAttributeDef> tagAttrDefList = daoManager.getXXTagAttributeDef().findByTagDefId(tagDefId); - - if (CollectionUtils.isNotEmpty(tagAttrDefList)) { - for (XXTagAttributeDef xAttrDef : tagAttrDefList) { - if (LOG.isDebugEnabled()) { - LOG.debug("Deleting tag-attribute def [name=" + xAttrDef.getName() + "; id=" + xAttrDef.getId() + "]"); - } - daoManager.getXXTagAttributeDef().remove(xAttrDef); - } - } - } - - if (LOG.isDebugEnabled()) { - LOG.debug("<== TagDBStore.deleteTagAttributeDefs(" + tagDefId + ")"); - } - } - - private List<XXTagAttribute> createTagAttributes(Long tagId, Map<String, String> attributes) throws Exception { - List<XXTagAttribute> ret = new ArrayList<XXTagAttribute>(); - - if(MapUtils.isNotEmpty(attributes)) { - for (Map.Entry<String, String> attr : attributes.entrySet()) { - XXTagAttribute xTagAttr = new XXTagAttribute(); - - xTagAttr.setTagId(tagId); - xTagAttr.setName(attr.getKey()); - xTagAttr.setValue(attr.getValue()); - xTagAttr = rangerAuditFields.populateAuditFieldsForCreate(xTagAttr); - - xTagAttr = daoManager.getXXTagAttribute().create(xTagAttr); - - ret.add(xTagAttr); - } - } - - return ret; - } - - private void deleteTagAttributes(Long tagId) { - List<XXTagAttribute> tagAttrList = daoManager.getXXTagAttribute().findByTagId(tagId); - for (XXTagAttribute tagAttr : tagAttrList) { - daoManager.getXXTagAttribute().remove(tagAttr); - } - } - - private void deleteResourceForServiceResource(Long resourceId) { - List<XXServiceResourceElement> resElements = daoManager.getXXServiceResourceElement().findByResourceId(resourceId); - - if(CollectionUtils.isNotEmpty(resElements)) { - for(XXServiceResourceElement resElement : resElements) { - 
List<XXServiceResourceElementValue> elementValues = daoManager.getXXServiceResourceElementValue().findByResValueId(resElement.getId()); - - if(CollectionUtils.isNotEmpty(elementValues)) { - for(XXServiceResourceElementValue elementValue : elementValues) { - daoManager.getXXServiceResourceElementValue().remove(elementValue.getId()); - } - } - - daoManager.getXXServiceResourceElement().remove(resElement.getId()); - } - } - } - - private void createResourceForServiceResource(Long resourceId, RangerServiceResource serviceResource) { - String serviceName = serviceResource.getServiceName(); - - XXService xService = daoManager.getXXService().findByName(serviceName); - - if (xService == null) { - throw errorUtil.createRESTException("No Service found with name: " + serviceName, MessageEnums.ERROR_CREATING_OBJECT); - } - - XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType()); - - if (xServiceDef == null) { - throw errorUtil.createRESTException("No Service-Def found with ID: " + xService.getType(), MessageEnums.ERROR_CREATING_OBJECT); - } - - Map<String, RangerPolicy.RangerPolicyResource> resElements = serviceResource.getResourceElements(); - - for (Map.Entry<String, RangerPolicyResource> resElement : resElements.entrySet()) { - XXResourceDef xResDef = daoManager.getXXResourceDef().findByNameAndServiceDefId(resElement.getKey(), xServiceDef.getId()); - - if (xResDef == null) { - LOG.error("TagDBStore.createResource: ResourceType is not valid [" + resElement.getKey() + "]"); - throw errorUtil.createRESTException("Resource Type is not valid [" + resElement.getKey() + "]", MessageEnums.DATA_NOT_FOUND); - } - - RangerPolicyResource policyRes = resElement.getValue(); - - XXServiceResourceElement resourceElement = new XXServiceResourceElement(); - resourceElement.setIsExcludes(policyRes.getIsExcludes()); - resourceElement.setIsRecursive(policyRes.getIsRecursive()); - resourceElement.setResDefId(xResDef.getId()); - 
resourceElement.setResourceId(resourceId); - - resourceElement = rangerAuditFields.populateAuditFieldsForCreate(resourceElement); - - resourceElement = daoManager.getXXServiceResourceElement().create(resourceElement); - - int sortOrder = 1; - for (String resVal : policyRes.getValues()) { - XXServiceResourceElementValue resourceElementValue = new XXServiceResourceElementValue(); - resourceElementValue.setResElementId(resourceElement.getId()); - resourceElementValue.setValue(resVal); - resourceElementValue.setSortOrder(sortOrder); - resourceElementValue = rangerAuditFields.populateAuditFieldsForCreate(resourceElementValue); - - resourceElementValue = daoManager.getXXServiceResourceElementValue().create(resourceElementValue); - sortOrder++; - } - } - } - @Override public void deleteAllTagObjectsForService(String serviceName) throws Exception { @@ -1210,8 +1022,6 @@ public class TagDBStore extends AbstractTagStore { if (service != null) { Long serviceId = service.getId(); - List<XXTagAttribute> xxTagAttributes = daoManager.getXXTagAttribute().findByServiceIdAndOwner(serviceId, RangerTag.OWNER_SERVICERESOURCE); - List<XXTag> xxTags = daoManager.getXXTag().findByServiceIdAndOwner(serviceId, RangerTag.OWNER_SERVICERESOURCE); List<XXTagResourceMap> xxTagResourceMaps = daoManager.getXXTagResourceMap().findByServiceId(serviceId); @@ -1227,17 +1037,6 @@ public class TagDBStore extends AbstractTagStore { } } - if (CollectionUtils.isNotEmpty(xxTagAttributes)) { - for (XXTagAttribute xxTagAttribute : xxTagAttributes) { - try { - daoManager.getXXTagAttribute().remove(xxTagAttribute); - } catch (Exception e) { - LOG.error("Error deleting RangerTagAttribute with id=" + xxTagAttribute.getId(), e); - throw e; - } - } - } - if (CollectionUtils.isNotEmpty(xxTags)) { for (XXTag xxTag : xxTags) { try { 
@@ -1249,32 +1048,6 @@ public class TagDBStore extends AbstractTagStore { } } - List<XXServiceResourceElementValue> xxServiceResourceElementValues = daoManager.getXXServiceResourceElementValue().findByServiceId(serviceId); - - if (CollectionUtils.isNotEmpty(xxServiceResourceElementValues)) { - for (XXServiceResourceElementValue xxServiceResourceElementValue : xxServiceResourceElementValues) { - try { - daoManager.getXXServiceResourceElementValue().remove(xxServiceResourceElementValue); - } catch (Exception e) { - LOG.error("Error deleting ServiceResourceElementValue with id=" + xxServiceResourceElementValue.getId(), e); - throw e; - } - } - } - - List<XXServiceResourceElement> xxServiceResourceElements = daoManager.getXXServiceResourceElement().findByServiceId(serviceId); - - if (CollectionUtils.isNotEmpty(xxServiceResourceElements)) { - for (XXServiceResourceElement xxServiceResourceElement : xxServiceResourceElements) { - try { - daoManager.getXXServiceResourceElement().remove(xxServiceResourceElement); - } catch (Exception e) { - LOG.error("Error deleting ServiceResourceElement with id=" + xxServiceResourceElement.getId(), e); - throw e; - } - } - } - List<XXServiceResource> xxServiceResources = daoManager.getXXServiceResource().findByServiceId(serviceId); if (CollectionUtils.isNotEmpty(xxServiceResources)) { http://git-wip-us.apache.org/repos/asf/ranger/blob/9e6b41e5/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java b/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java index 0d5689a..0724952 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java +++ b/security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java 
@@ -274,6 +274,7 @@ public class RangerServicePoliciesCache { // policy.setName(null); /* this is used by GUI in policy list page */ // policy.setDescription(null); /* this is used by export policy */ policy.setResourceSignature(null); + policy.setOptions(null); } } } http://git-wip-us.apache.org/repos/asf/ranger/blob/9e6b41e5/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java index 5dffc0e..5cecef1 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java +++ b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java @@ -264,5 +264,29 @@ public abstract class RangerDaoManagerBase { public XXUgsyncAuditInfoDao getXXUgsyncAuditInfo() { return new XXUgsyncAuditInfoDao(this); } + + public XXPolicyRefConditionDao getXXPolicyRefCondition() { + return new XXPolicyRefConditionDao(this); + } + + public XXPolicyRefGroupDao getXXPolicyRefGroup() { + return new XXPolicyRefGroupDao(this); + } + + public XXPolicyRefDataMaskTypeDao getXXPolicyRefDataMaskType() { + return new XXPolicyRefDataMaskTypeDao(this); + } + + public XXPolicyRefResourceDao getXXPolicyRefResource() { + return new XXPolicyRefResourceDao(this); + } + + public XXPolicyRefUserDao getXXPolicyRefUser() { + return new XXPolicyRefUserDao(this); + } + + public XXPolicyRefAccessTypeDao getXXPolicyRefAccessType() { + return new XXPolicyRefAccessTypeDao(this); + } } http://git-wip-us.apache.org/repos/asf/ranger/blob/9e6b41e5/security-admin/src/main/java/org/apache/ranger/db/XXAccessTypeDefDao.java ---------------------------------------------------------------------- 
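Review bot: In RangerServicePoliciesCache the added `policy.setOptions(null);` carries no record of why the options can be dropped, while the two commented-out lines just above it state which consumer still needs `name` and `description`. If any consumer of the cached policies reads policy options, it would now see null. The reasoning belongs next to the line in the same trailing-comment style, e.g. `policy.setOptions(null); /* not read by <consumer>; confirm */`. The enclosing method starts and ends outside the hunk, so who receives the pruned copy cannot be checked from here.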
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXAccessTypeDefDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXAccessTypeDefDao.java index e04280b..8f57498 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXAccessTypeDefDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXAccessTypeDefDao.java @@ -60,5 +60,4 @@ public class XXAccessTypeDefDao extends BaseDao<XXAccessTypeDef> { return null; } } - } http://git-wip-us.apache.org/repos/asf/ranger/blob/9e6b41e5/security-admin/src/main/java/org/apache/ranger/db/XXDataMaskTypeDefDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXDataMaskTypeDefDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXDataMaskTypeDefDao.java index 3dd4376..83c2881 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXDataMaskTypeDefDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXDataMaskTypeDefDao.java @@ -60,5 +60,4 @@ public class XXDataMaskTypeDefDao extends BaseDao<XXDataMaskTypeDef> { return null; } } - } http://git-wip-us.apache.org/repos/asf/ranger/blob/9e6b41e5/security-admin/src/main/java/org/apache/ranger/db/XXGroupDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXGroupDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXGroupDao.java index 9a87b4c..1bd59f8 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXGroupDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXGroupDao.java @@ -23,8 +23,6 @@ import java.util.ArrayList; import java.util.List; -import javax.persistence.NoResultException; - import org.apache.ranger.common.db.BaseDao; import org.apache.ranger.entity.XXGroup; import org.springframework.stereotype.Service; 
@@ -68,19 +66,5 @@ public class XXGroupDao extends BaseDao<XXGroup> { } return null; } - - @SuppressWarnings("unchecked") - public List<String> findByPolicyItemId(Long polItemId) { - if (polItemId == null) { - return null; - } - try { - return getEntityManager() - .createNamedQuery("XXGroup.findByPolicyItemId") - .setParameter("polItemId", polItemId).getResultList(); - } catch (NoResultException e) { - return null; - } - } } http://git-wip-us.apache.org/repos/asf/ranger/blob/9e6b41e5/security-admin/src/main/java/org/apache/ranger/db/XXPolicyConditionDefDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyConditionDefDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyConditionDefDao.java index a12140a..de2c47d 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyConditionDefDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyConditionDefDao.java 
@@ -61,33 +61,5 @@ public class XXPolicyConditionDefDao extends BaseDao<XXPolicyConditionDef> { return null; } } - - public List<XXPolicyConditionDef> findByPolicyItemId(Long polItemId) { - if(polItemId == null) { - return new ArrayList<XXPolicyConditionDef>(); - } - try { - return getEntityManager() - .createNamedQuery("XXPolicyConditionDef.findByPolicyItemId", tClass) - .setParameter("polItemId", polItemId).getResultList(); - } catch (NoResultException e) { - return new ArrayList<XXPolicyConditionDef>(); - } - } - - public XXPolicyConditionDef findByPolicyItemIdAndName(Long polItemId, String name) { - if(polItemId == null || name == null) { - return null; - } - try { - return getEntityManager() - .createNamedQuery("XXPolicyConditionDef.findByPolicyItemIdAndName", tClass) - .setParameter("polItemId", polItemId) - .setParameter("name", name).getSingleResult(); - } catch (NoResultException e) { - return null; - } - } - } http://git-wip-us.apache.org/repos/asf/ranger/blob/9e6b41e5/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java index 9be38de..671ed0e 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java 
@@ -32,19 +32,6 @@ public class XXPolicyItemAccessDao extends BaseDao<XXPolicyItemAccess> { public XXPolicyItemAccessDao(RangerDaoManagerBase daoManager) { super(daoManager); } - - public List<XXPolicyItemAccess> findByPolicyItemId(Long polItemId) { - if(polItemId == null) { - return new ArrayList<XXPolicyItemAccess>(); - } - try { - return getEntityManager() - .createNamedQuery("XXPolicyItemAccess.findByPolicyItemId", tClass) - .setParameter("polItemId", polItemId).getResultList(); - } catch (NoResultException e) { - return new ArrayList<XXPolicyItemAccess>(); - } - } public List<XXPolicyItemAccess> findByPolicyId(Long policyId) { if(policyId == null) { @@ -72,16 +59,4 @@ public class XXPolicyItemAccessDao extends BaseDao<XXPolicyItemAccess> { } } - public List<XXPolicyItemAccess> findByType(Long type) { - if (type == null) { - return new ArrayList<XXPolicyItemAccess>(); - } - try { - return getEntityManager().createNamedQuery("XXPolicyItemAccess.findByType", tClass) - .setParameter("type", type).getResultList(); - } catch (NoResultException e) { - return new ArrayList<XXPolicyItemAccess>(); - } - } - } http://git-wip-us.apache.org/repos/asf/ranger/blob/9e6b41e5/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java index 9b11545..43e17db 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java 
@@ -32,19 +32,6 @@ public class XXPolicyItemConditionDao extends BaseDao<XXPolicyItemCondition> { public XXPolicyItemConditionDao(RangerDaoManagerBase daoManager) { super(daoManager); } - - public List<XXPolicyItemCondition> findByPolicyItemId(Long polItemId) { - if(polItemId == null) { - return new ArrayList<XXPolicyItemCondition>(); - } - try { - return getEntityManager() - .createNamedQuery("XXPolicyItemCondition.findByPolicyItemId", tClass) - .setParameter("polItemId", polItemId).getResultList(); - } catch (NoResultException e) { - return new ArrayList<XXPolicyItemCondition>(); - } - } public List<XXPolicyItemCondition> findByPolicyId(Long policyId) { if(policyId == null) { @@ -72,31 +59,4 @@ public class XXPolicyItemConditionDao extends BaseDao<XXPolicyItemCondition> { } } - public List<XXPolicyItemCondition> findByPolicyItemAndDefId(Long polItemId, - Long polCondDefId) { - if(polItemId == null || polCondDefId == null) { - return new ArrayList<XXPolicyItemCondition>(); - } - try { - return getEntityManager() - .createNamedQuery("XXPolicyItemCondition.findByPolicyItemAndDefId", tClass) - .setParameter("polItemId", polItemId) - .setParameter("polCondDefId", polCondDefId).getResultList(); - } catch (NoResultException e) { - return new ArrayList<XXPolicyItemCondition>(); - } - } - - public List<XXPolicyItemCondition> findByPolicyConditionDefId(Long polCondDefId) { - if (polCondDefId == null) { - return new ArrayList<XXPolicyItemCondition>(); - } - try { - return getEntityManager().createNamedQuery("XXPolicyItemCondition.findByPolicyConditionDefId", tClass) - .setParameter("polCondDefId", polCondDefId).getResultList(); - } catch (NoResultException e) { - return new ArrayList<XXPolicyItemCondition>(); - } - } - } http://git-wip-us.apache.org/repos/asf/ranger/blob/9e6b41e5/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDataMaskInfoDao.java ---------------------------------------------------------------------- 
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDataMaskInfoDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDataMaskInfoDao.java index 67c7e99..5cee710 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDataMaskInfoDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDataMaskInfoDao.java @@ -32,19 +32,6 @@ public class XXPolicyItemDataMaskInfoDao extends BaseDao<XXPolicyItemDataMaskInf public XXPolicyItemDataMaskInfoDao(RangerDaoManagerBase daoManager) { super(daoManager); } - - public List<XXPolicyItemDataMaskInfo> findByPolicyItemId(Long polItemId) { - if(polItemId == null) { - return new ArrayList<XXPolicyItemDataMaskInfo>(); - } - try { - return getEntityManager() - .createNamedQuery("XXPolicyItemDataMaskInfo.findByPolicyItemId", tClass) - .setParameter("polItemId", polItemId).getResultList(); - } catch (NoResultException e) { - return new ArrayList<XXPolicyItemDataMaskInfo>(); - } - } public List<XXPolicyItemDataMaskInfo> findByPolicyId(Long policyId) { if(policyId == null) { @@ -72,16 +59,4 @@ public class XXPolicyItemDataMaskInfoDao extends BaseDao<XXPolicyItemDataMaskInf } } - public List<XXPolicyItemDataMaskInfo> findByType(Long type) { - if (type == null) { - return new ArrayList<XXPolicyItemDataMaskInfo>(); - } - try { - return getEntityManager().createNamedQuery("XXPolicyItemDataMaskInfo.findByType", tClass) - .setParameter("type", type).getResultList(); - } catch (NoResultException e) { - return new ArrayList<XXPolicyItemDataMaskInfo>(); - } - } - } http://git-wip-us.apache.org/repos/asf/ranger/blob/9e6b41e5/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java ---------------------------------------------------------------------- 
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java index a6fd8c6..68cf4d0 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java @@ -33,19 +33,6 @@ public class XXPolicyItemGroupPermDao extends BaseDao<XXPolicyItemGroupPerm> { super(daoManager); } - public List<XXPolicyItemGroupPerm> findByPolicyItemId(Long polItemId) { - if(polItemId == null) { - return new ArrayList<XXPolicyItemGroupPerm>(); - } - try { - return getEntityManager() - .createNamedQuery("XXPolicyItemGroupPerm.findByPolicyItemId", tClass) - .setParameter("polItemId", polItemId).getResultList(); - } catch (NoResultException e) { - return new ArrayList<XXPolicyItemGroupPerm>(); - } - } - public List<XXPolicyItemGroupPerm> findByPolicyId(Long policyId) { if(policyId == null) { return new ArrayList<XXPolicyItemGroupPerm>(); http://git-wip-us.apache.org/repos/asf/ranger/blob/9e6b41e5/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemRowFilterInfoDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemRowFilterInfoDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemRowFilterInfoDao.java index 01a36a5..9c2edbc 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemRowFilterInfoDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemRowFilterInfoDao.java 
@@ -31,19 +31,6 @@ public class XXPolicyItemRowFilterInfoDao extends BaseDao<XXPolicyItemRowFilterI public XXPolicyItemRowFilterInfoDao(RangerDaoManagerBase daoManager) { super(daoManager); } - - public List<XXPolicyItemRowFilterInfo> findByPolicyItemId(Long polItemId) { - if(polItemId == null) { - return new ArrayList<XXPolicyItemRowFilterInfo>(); - } - try { - return getEntityManager() - .createNamedQuery("XXPolicyItemRowFilterInfo.findByPolicyItemId", tClass) - .setParameter("polItemId", polItemId).getResultList(); - } catch (NoResultException e) { - return new ArrayList<XXPolicyItemRowFilterInfo>(); - } - } public List<XXPolicyItemRowFilterInfo> findByPolicyId(Long policyId) { if(policyId == null) { http://git-wip-us.apache.org/repos/asf/ranger/blob/9e6b41e5/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java index 6672654..63ef5ca 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java 
@@ -33,19 +33,6 @@ public class XXPolicyItemUserPermDao extends BaseDao<XXPolicyItemUserPerm> { super(daoManager); } - public List<XXPolicyItemUserPerm> findByPolicyItemId(Long polItemId) { - if(polItemId == null) { - return new ArrayList<XXPolicyItemUserPerm>(); - } - try { - return getEntityManager() - .createNamedQuery("XXPolicyItemUserPerm.findByPolicyItemId", tClass) - .setParameter("polItemId", polItemId).getResultList(); - } catch (NoResultException e) { - return new ArrayList<XXPolicyItemUserPerm>(); - } - } - public List<XXPolicyItemUserPerm> findByPolicyId(Long policyId) { if(policyId == null) { return new ArrayList<XXPolicyItemUserPerm>(); http://git-wip-us.apache.org/repos/asf/ranger/blob/9e6b41e5/security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefAccessTypeDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefAccessTypeDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefAccessTypeDao.java new file mode 100644 index 0000000..1ef01bb --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyRefAccessTypeDao.java 
@@ -0,0 +1,100 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.db;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.persistence.NoResultException;
+
+import org.apache.ranger.biz.RangerPolicyRetriever;
+import org.apache.ranger.common.db.BaseDao;
+import org.apache.ranger.entity.XXPolicyRefAccessType;
+import org.springframework.stereotype.Service;
+
+@Service
+public class XXPolicyRefAccessTypeDao extends BaseDao<XXPolicyRefAccessType> {
+
+ public XXPolicyRefAccessTypeDao(RangerDaoManagerBase daoManager) {
+ super(daoManager);
+ }
+
+ public List<XXPolicyRefAccessType> findByPolicyId(Long polId) {
+ if(polId == null) {
+ return Collections.EMPTY_LIST;
+ }
+ try {
+ return getEntityManager()
+ .createNamedQuery("XXPolicyRefAccessType.findByPolicyId", tClass)
+ .setParameter("policyId", polId).getResultList();
+ } catch (NoResultException e) {
+ return Collections.EMPTY_LIST;
+ }
+ }
+
+ public List<XXPolicyRefAccessType> findByAccessTypeDefId(Long accessTypeDefId) {
+ if (accessTypeDefId == null) {
+ return Collections.EMPTY_LIST;
+ }
+ try {
+ return getEntityManager().createNamedQuery("XXPolicyRefAccessType.findByAccessTypeDefId", tClass)
+ .setParameter("accessDefId", accessTypeDefId)
+ .getResultList();
+ } catch (NoResultException e) {
+ return Collections.EMPTY_LIST;
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ public List<RangerPolicyRetriever.PolicyTextNameMap> findUpdatedAccessNamesByPolicy(Long policyId) {
+ List<RangerPolicyRetriever.PolicyTextNameMap> ret = new ArrayList<>();
+ if (policyId != null) {
+ List<Object[]> rows = (List<Object[]>) getEntityManager()
+ .createNamedQuery("XXPolicyRefAccessType.findUpdatedAccessNamesByPolicy")
+ .setParameter("policy", policyId)
+ .getResultList();
+ if (rows != null) {
+ for (Object[] row : rows) {
+ ret.add(new RangerPolicyRetriever.PolicyTextNameMap((Long)row[0], (String)row[1], (String)row[2]));
+ }
+ }
+ }
+ return ret;
+ }
+
+ @SuppressWarnings("unchecked")
+ public List<RangerPolicyRetriever.PolicyTextNameMap> findUpdatedAccessNamesByService(Long serviceId) {
+ List<RangerPolicyRetriever.PolicyTextNameMap> ret = new ArrayList<>();
+ if (serviceId != null) {
+ List<Object[]> rows = (List<Object[]>) getEntityManager()
+ .createNamedQuery("XXPolicyRefAccessType.findUpdatedAccessNamesByService")
+ .setParameter("service", serviceId)
+ .getResultList();
+ if (rows != null) {
+ for (Object[] row : rows) {
+ ret.add(new RangerPolicyRetriever.PolicyTextNameMap((Long)row[0], (String)row[1], (String)row[2]));
+ }
+ }
+ }
+ return ret;
+ }
+
+}
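Review bot: `findByPolicyId` and `findByAccessTypeDefId` return the raw constant `Collections.EMPTY_LIST`, which needs an unchecked conversion to `List<XXPolicyRefAccessType>` and hands callers an immutable list on the null-id path only. `return Collections.emptyList();` is the typed form; `new ArrayList<>()`, which the finders removed elsewhere in this commit returned, is the safer choice if any caller modifies the result. The `catch (NoResultException e)` branches in both methods look unreachable, since under the JPA contract `getResultList()` returns an empty list and only `getSingleResult()` throws that exception, so they can be dropped. In `findUpdatedAccessNamesByPolicy` and `findUpdatedAccessNamesByService` the casts `(Long)row[0], (String)row[1], (String)row[2]` depend on the column order of named queries that are not visible here; a one-line comment naming the three selected columns would make that coupling explicit.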
