This is an automated email from the ASF dual-hosted git repository.
vel pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.2 by this push:
new 1fbd0a3 RANGER-3172 : Patch to migrate old policy to use new Policy
Ref table
1fbd0a3 is described below
commit 1fbd0a31527d87a5d2d0bb239ac4ca9be3a58b57
Author: Dineshkumar Yadav <[email protected]>
AuthorDate: Wed Feb 17 17:02:16 2021 +0530
RANGER-3172 : Patch to migrate old policy to use new Policy Ref table
Signed-off-by: Nitin Galave <[email protected]>
---
.../optimized/current/ranger_core_db_mysql.sql | 1 +
.../optimized/current/ranger_core_db_oracle.sql | 1 +
.../050-create-index-for-resource-signature.sql | 4 +-
.../optimized/current/ranger_core_db_postgres.sql | 1 +
.../current/ranger_core_db_sqlanywhere.sql | 2 +
.../sqlanywhere/patches/049-create-rms-schema.sql | 11 +-
.../optimized/current/ranger_core_db_sqlserver.sql | 1 +
.../java/org/apache/ranger/db/XXPolicyDao.java | 10 +
.../apache/ranger/db/XXPolicyItemAccessDao.java | 8 +
.../apache/ranger/db/XXPolicyItemConditionDao.java | 8 +
.../java/org/apache/ranger/db/XXPolicyItemDao.java | 9 +
.../ranger/db/XXPolicyItemDataMaskInfoDao.java | 8 +
.../apache/ranger/db/XXPolicyItemGroupPermDao.java | 9 +
.../ranger/db/XXPolicyItemRowFilterInfoDao.java | 9 +
.../apache/ranger/db/XXPolicyItemUserPermDao.java | 9 +
.../org/apache/ranger/db/XXPolicyResourceDao.java | 8 +
.../apache/ranger/db/XXPolicyResourceMapDao.java | 9 +
...atchForMigratingOldRegimePolicyJson_J10046.java | 530 +++++++++++++++++++++
.../main/resources/META-INF/jpa_named_queries.xml | 38 ++
19 files changed, 672 insertions(+), 4 deletions(-)
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index ad8c3ff..7179dc9 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1833,4 +1833,5 @@ INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10043',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10044',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10045',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10046',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git
a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 759cdd0..40917cd 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -2047,5 +2047,6 @@ INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,act
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10043',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10044',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10045',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'J10046',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h
(id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES
(X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger
1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
commit;
diff --git
a/security-admin/db/oracle/patches/050-create-index-for-resource-signature.sql
b/security-admin/db/oracle/patches/050-create-index-for-resource-signature.sql
index 6974f7c..2e1964c 100644
---
a/security-admin/db/oracle/patches/050-create-index-for-resource-signature.sql
+++
b/security-admin/db/oracle/patches/050-create-index-for-resource-signature.sql
@@ -17,9 +17,9 @@
DECLARE
v_index_exists number:=0;
BEGIN
- SELECT COUNT(*) INTO v_index_exists FROM USER_INDEXES WHERE INDEX_NAME
= upper('x_rms_svc_res_IDX_resource_signature') AND TABLE_NAME=
upper('x_rms_service_resource');
+ SELECT COUNT(*) INTO v_index_exists FROM USER_INDEXES WHERE INDEX_NAME
= upper('x_rms_svc_res_IDX_res_sgn') AND TABLE_NAME=
upper('x_rms_service_resource');
IF (v_index_exists = 0) THEN
- execute IMMEDIATE 'CREATE INDEX
x_rms_svc_res_IDX_resource_signature ON
x_rms_service_resource(resource_signature)';
+ execute IMMEDIATE 'CREATE INDEX x_rms_svc_res_IDX_res_sgn ON
x_rms_service_resource(resource_signature)';
commit;
END IF;
END;/
diff --git
a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index 022ff82..ba9eb01 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -1971,6 +1971,7 @@ INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10043',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10044',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10045',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
+INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10046',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('JAVA_PATCHES',current_timestamp,'Ranger
1.0.0',current_timestamp,'localhost','Y');
DROP VIEW IF EXISTS vx_trx_log;
diff --git
a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index 69ccd81..371846f 100644
---
a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++
b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -2391,6 +2391,8 @@ INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active
GO
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10045',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
+INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10046',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+GO
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger
1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
exit
diff --git a/security-admin/db/sqlanywhere/patches/049-create-rms-schema.sql
b/security-admin/db/sqlanywhere/patches/049-create-rms-schema.sql
index feb7b7f..bb11a1c 100644
--- a/security-admin/db/sqlanywhere/patches/049-create-rms-schema.sql
+++ b/security-admin/db/sqlanywhere/patches/049-create-rms-schema.sql
@@ -33,8 +33,8 @@ BEGIN
SET @drpstmt = 'DROP TABLE IF EXISTS ' + @tblname;
execute(@drpstmt)
END
-
GO
+
call dbo.removeForeignKeysAndTable('x_rms_notification')
GO
call dbo.removeForeignKeysAndTable('x_rms_resource_mapping')
@@ -60,8 +60,9 @@ primary key (id),
CONSTRAINT x_rms_notification_FK_hl_service_id FOREIGN KEY(hl_service_id)
REFERENCES x_service(id),
CONSTRAINT x_rms_notification_FK_ll_service_id FOREIGN KEY(ll_service_id)
REFERENCES x_service(id)
);
+GO
CREATE INDEX x_rms_service_resource_IDX_service_id ON
x_rms_service_resource(service_id);
-
+GO
CREATE TABLE dbo.x_rms_notification (
id BIGINT IDENTITY NOT NULL ,
@@ -77,11 +78,13 @@ PRIMARY KEY (id),
CONSTRAINT x_rms_notification_FK_hl_service_id FOREIGN KEY(hl_service_id)
REFERENCES x_service(id),
CONSTRAINT x_rms_notification_FK_ll_service_id FOREIGN KEY(ll_service_id)
REFERENCES x_service(id)
);
+GO
CREATE INDEX x_rms_notification_IDX_notification_id ON
x_rms_notification(notification_id);
CREATE INDEX x_rms_notification_IDX_hms_name_notification_id ON
x_rms_notification(hms_name, notification_id);
CREATE INDEX x_rms_notification_IDX_hl_service_id ON
x_rms_notification(hl_service_id);
CREATE INDEX x_rms_notification_IDX_ll_service_id ON
x_rms_notification(ll_service_id);
+GO
CREATE TABLE dbo.x_rms_resource_mapping(
id BIGINT IDENTITY NOT NULL ,
@@ -93,9 +96,11 @@ CONSTRAINT x_rms_res_map_UK_hl_res_id_ll_res_id
UNIQUE(hl_resource_id, ll_resour
CONSTRAINT x_rms_res_map_FK_hl_res_id FOREIGN KEY(hl_resource_id) REFERENCES
x_rms_service_resource(id),
CONSTRAINT x_rms_res_map_FK_ll_res_id FOREIGN KEY(ll_resource_id) REFERENCES
x_rms_service_resource(id)
);
+GO
CREATE INDEX x_rms_resource_mapping_IDX_hl_resource_id ON
x_rms_resource_mapping(hl_resource_id);
CREATE INDEX x_rms_resource_mapping_IDX_ll_resource_id ON
x_rms_resource_mapping(ll_resource_id);
+GO
CREATE TABLE dbo.x_rms_mapping_provider (
id BIGINT IDENTITY NOT NULL ,
@@ -105,3 +110,5 @@ last_known_version BIGINT NOT NULL,
PRIMARY KEY (id),
CONSTRAINT x_rms_mapping_provider_UK_name UNIQUE(name)
);
+GO
+EXIT
\ No newline at end of file
diff --git
a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index a2d7cb4..90004ec 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -4168,6 +4168,7 @@ INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10043',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10044',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10045',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('J10046',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active) VALUES
('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger
1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
CREATE VIEW [dbo].[vx_trx_log] AS
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
index 49eff1e..8659267 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
@@ -274,4 +274,14 @@ public class XXPolicyDao extends BaseDao<XXPolicy> {
}
}
+
+ public List<XXPolicy> getAllByPolicyItem() {
+ List<XXPolicy> ret = ListUtils.EMPTY_LIST;
+ try {
+ ret =
getEntityManager().createNamedQuery("XXPolicy.getAllByPolicyItem", tClass)
+ .getResultList();
+ } catch (NoResultException excp) {
+ }
+ return ret;
+ }
}
\ No newline at end of file
diff --git
a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java
index 671ed0e..e396d2d 100644
---
a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java
+++
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java
@@ -59,4 +59,12 @@ public class XXPolicyItemAccessDao extends
BaseDao<XXPolicyItemAccess> {
}
}
+ public void deleteByPolicyId(Long policyId) {
+ if(policyId == null) {
+ return;
+ }
+ getEntityManager()
+
.createNamedQuery("XXPolicyItemAccess.deleteByPolicyId", tClass)
+ .setParameter("policyId", policyId).executeUpdate();
+ }
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java
index 43e17db..bcc30b3 100644
---
a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java
+++
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java
@@ -59,4 +59,12 @@ public class XXPolicyItemConditionDao extends
BaseDao<XXPolicyItemCondition> {
}
}
+ public void deleteByPolicyId(Long policyId) {
+ if(policyId == null) {
+ return;
+ }
+ getEntityManager()
+
.createNamedQuery("XXPolicyItemCondition.deleteByPolicyId", tClass)
+ .setParameter("policyId", policyId).executeUpdate();
+ }
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDao.java
index 20ea7fa..4c981be 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDao.java
@@ -71,4 +71,13 @@ public class XXPolicyItemDao extends BaseDao<XXPolicyItem> {
return new ArrayList<XXPolicyItem>();
}
}
+
+ public void deleteByPolicyId(Long policyId) {
+ if(policyId == null) {
+ return;
+ }
+ getEntityManager()
+ .createNamedQuery("XXPolicyItem.deleteByPolicyId",
tClass)
+ .setParameter("policyId", policyId).executeUpdate();
+ }
}
\ No newline at end of file
diff --git
a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDataMaskInfoDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDataMaskInfoDao.java
index 5cee710..fe6d9ea 100644
---
a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDataMaskInfoDao.java
+++
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDataMaskInfoDao.java
@@ -59,4 +59,12 @@ public class XXPolicyItemDataMaskInfoDao extends
BaseDao<XXPolicyItemDataMaskInf
}
}
+ public void deleteByPolicyId(Long policyId) {
+ if(policyId == null) {
+ return;
+ }
+ getEntityManager()
+
.createNamedQuery("XXPolicyItemDataMaskInfo.deleteByPolicyId", tClass)
+ .setParameter("policyId", policyId).executeUpdate();
+ }
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java
index 68cf4d0..faa0a8c 100644
---
a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java
+++
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java
@@ -58,4 +58,13 @@ public class XXPolicyItemGroupPermDao extends
BaseDao<XXPolicyItemGroupPerm> {
return new ArrayList<XXPolicyItemGroupPerm>();
}
}
+
+ public void deleteByPolicyId(Long policyId) {
+ if(policyId == null) {
+ return;
+ }
+ getEntityManager()
+
.createNamedQuery("XXPolicyItemGroupPerm.deleteByPolicyId", tClass)
+ .setParameter("policyId", policyId).executeUpdate();
+ }
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemRowFilterInfoDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemRowFilterInfoDao.java
index 9c2edbc..d596c15 100644
---
a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemRowFilterInfoDao.java
+++
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemRowFilterInfoDao.java
@@ -57,4 +57,13 @@ public class XXPolicyItemRowFilterInfoDao extends
BaseDao<XXPolicyItemRowFilterI
return new ArrayList<XXPolicyItemRowFilterInfo>();
}
}
+
+ public void deleteByPolicyId(Long policyId) {
+ if(policyId == null) {
+ return;
+ }
+ getEntityManager()
+
.createNamedQuery("XXPolicyItemRowFilterInfo.deleteByPolicyId", tClass)
+ .setParameter("policyId", policyId).executeUpdate();
+ }
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java
index 63ef5ca..96d1e5e 100644
---
a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java
+++
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java
@@ -58,4 +58,13 @@ public class XXPolicyItemUserPermDao extends
BaseDao<XXPolicyItemUserPerm> {
return new ArrayList<XXPolicyItemUserPerm>();
}
}
+
+ public void deleteByPolicyId(Long policyId) {
+ if(policyId == null) {
+ return;
+ }
+ getEntityManager()
+
.createNamedQuery("XXPolicyItemUserPerm.deleteByPolicyId", tClass)
+ .setParameter("policyId", policyId).executeUpdate();
+ }
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceDao.java
index 6670a4e..9069e61 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceDao.java
@@ -71,4 +71,12 @@ public class XXPolicyResourceDao extends
BaseDao<XXPolicyResource> {
}
}
+ public void deleteByPolicyId(Long policyId) {
+ if(policyId == null) {
+ return;
+ }
+ getEntityManager()
+ .createNamedQuery("XXPolicyResource.deleteByPolicyId",
tClass)
+ .setParameter("policyId", policyId).executeUpdate();
+ }
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceMapDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceMapDao.java
index 90123f5..c5e6a2f 100644
---
a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceMapDao.java
+++
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceMapDao.java
@@ -58,4 +58,13 @@ public class XXPolicyResourceMapDao extends
BaseDao<XXPolicyResourceMap> {
return new ArrayList<XXPolicyResourceMap>();
}
}
+
+ public void deleteByPolicyId(Long policyId) {
+ if(policyId == null) {
+ return;
+ }
+ getEntityManager()
+
.createNamedQuery("XXPolicyResourceMap.deleteByPolicyId", tClass)
+ .setParameter("policyId", policyId).executeUpdate();
+ }
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java
new file mode 100644
index 0000000..5f8d4d1
--- /dev/null
+++
b/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingOldRegimePolicyJson_J10046.java
@@ -0,0 +1,530 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+import org.apache.ranger.authorization.utils.JsonUtils;
+import org.apache.ranger.biz.PolicyRefUpdater;
+import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.db.XXGroupDao;
+import org.apache.ranger.db.XXPolicyDao;
+import org.apache.ranger.db.XXPolicyRefAccessTypeDao;
+import org.apache.ranger.db.XXPolicyRefConditionDao;
+import org.apache.ranger.db.XXPolicyRefDataMaskTypeDao;
+import org.apache.ranger.db.XXPolicyRefGroupDao;
+import org.apache.ranger.db.XXPolicyRefResourceDao;
+import org.apache.ranger.db.XXPolicyRefUserDao;
+import org.apache.ranger.db.XXUserDao;
+import org.apache.ranger.entity.XXAccessTypeDef;
+import org.apache.ranger.entity.XXDataMaskTypeDef;
+import org.apache.ranger.entity.XXGroup;
+import org.apache.ranger.entity.XXPolicy;
+import org.apache.ranger.entity.XXPolicyConditionDef;
+import org.apache.ranger.entity.XXPolicyRefAccessType;
+import org.apache.ranger.entity.XXPolicyRefCondition;
+import org.apache.ranger.entity.XXPolicyRefDataMaskType;
+import org.apache.ranger.entity.XXPolicyRefGroup;
+import org.apache.ranger.entity.XXPolicyRefResource;
+import org.apache.ranger.entity.XXPolicyRefUser;
+import org.apache.ranger.entity.XXResourceDef;
+import org.apache.ranger.entity.XXServiceDef;
+import org.apache.ranger.entity.XXUser;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.util.CLIUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.PlatformTransactionManager;
+import org.springframework.transaction.TransactionStatus;
+import org.springframework.transaction.support.TransactionCallback;
+import org.springframework.transaction.support.TransactionTemplate;
+
+/**
+ * Consolidates Ranger policy details into a JSON string and stores it into a
+ * column in x_policy table After running this patch Ranger policy can be
+ * completely read/saved into x_policy table and some related Ref tables (which
+ * maintain ID->String mapping for each policy).
+ *
+ */
+@Component
+public class PatchForMigratingOldRegimePolicyJson_J10046 extends BaseLoader {
+ private static final Logger logger =
Logger.getLogger(PatchForMigratingOldRegimePolicyJson_J10046.class);
+
+ @Autowired
+ RangerDaoManager daoMgr;
+
+ @Autowired
+ ServiceDBStore svcStore;
+
+ @Autowired
+ @Qualifier(value = "transactionManager")
+ PlatformTransactionManager txManager;
+
+ @Autowired
+ PolicyRefUpdater policyRefUpdater;
+
+ private final Map<String, Long> groupIdMap = new
HashMap<>();
+ private final Map<String, Long> userIdMap = new
HashMap<>();
+ private final Map<String, Map<String, Long>> resourceNameIdMap = new
HashMap<>();
+ private final Map<String, Map<String, Long>> accessTypeIdMap = new
HashMap<>();
+ private final Map<String, Map<String, Long>> conditionNameIdMap = new
HashMap<>();
+ private final Map<String, Map<String, Long>> dataMaskTypeIdMap = new
HashMap<>();
+
+ public static void main(String[] args) {
+ logger.info("main()");
+ try {
+ PatchForMigratingOldRegimePolicyJson_J10046 loader =
(PatchForMigratingOldRegimePolicyJson_J10046)
CLIUtil.getBean(PatchForMigratingOldRegimePolicyJson_J10046.class);
+
+ loader.init();
+
+ while (loader.isMoreToProcess()) {
+ loader.load();
+ }
+
+ logger.info("Load complete. Exiting!!!");
+
+ System.exit(0);
+ } catch (Exception e) {
+ logger.error("Error loading", e);
+ System.exit(1);
+ }
+ }
+
+ @Override
+ public void init() throws Exception {
+ // Do Nothing
+ }
+
+ @Override
+ public void execLoad() {
+ logger.info("==>
PatchForMigratingOldRegimePolicyJson.execLoad()");
+
+ try {
+ migrateRangerPolicyTableWithPolicyJson();
+ } catch (Exception e) {
+ logger.error("Error while
PatchForMigratingOldRegimePolicyJson()", e);
+ System.exit(1);
+ }
+
+ logger.info("<==
PatchForMigratingOldRegimePolicyJson.execLoad()");
+ }
+
+ @Override
+ public void printStats() {
+ logger.info("Migrating OldRegimePolicyJson data ");
+ }
+
+ private void migrateRangerPolicyTableWithPolicyJson() throws Exception {
+ logger.info("==> updateRangerPolicyTableWithPolicyJson() ");
+ List<XXPolicy> xxPolicyList =
daoMgr.getXXPolicy().getAllByPolicyItem();
+ if (CollectionUtils.isNotEmpty(xxPolicyList)) {
+ for (XXPolicy xxPolicy : xxPolicyList) {
+ logger.info("XXPolicy : " + xxPolicy);
+ RangerPolicy policy =
svcStore.getPolicy(xxPolicy.getId());
+ if (policy != null) {
+ TransactionTemplate txTemplate = new
TransactionTemplate(txManager);
+ RangerService service =
svcStore.getServiceByName(policy.getService());
+ PolicyUpdaterThread updaterThread = new
PolicyUpdaterThread(txTemplate, service, policy);
+ updaterThread.setDaemon(true);
+ updaterThread.start();
+ updaterThread.join();
+ String errorMsg =
updaterThread.getErrorMsg();
+ if (StringUtils.isNotEmpty(errorMsg)) {
+ throw new Exception(errorMsg);
+ }
+ }
+ }
+ } else {
+ logger.info("no old XXPolicyItems found ");
+ }
+ logger.info("<== updateRangerPolicyTableWithPolicyJson() ");
+ }
+ public Boolean cleanupOldRefTables(RangerPolicy policy) {
+ final Long policyId = policy == null ? null : policy.getId();
+
+ if (policyId == null) {
+ return false;
+ }
+ logger.info("==> cleanupOldRefTables() ");
+ daoMgr.getXXPolicyItemGroupPerm().deleteByPolicyId(policyId);
+ daoMgr.getXXPolicyItemUserPerm().deleteByPolicyId(policyId);
+ daoMgr.getXXPolicyItemAccess().deleteByPolicyId(policyId);
+ daoMgr.getXXPolicyItemCondition().deleteByPolicyId(policyId);
+ daoMgr.getXXPolicyItemDataMaskInfo().deleteByPolicyId(policyId);
+
daoMgr.getXXPolicyItemRowFilterInfo().deleteByPolicyId(policyId);
+ daoMgr.getXXPolicyItem().deleteByPolicyId(policyId);
+ daoMgr.getXXPolicyResourceMap().deleteByPolicyId(policyId);
+ daoMgr.getXXPolicyResource().deleteByPolicyId(policyId);
+ logger.info("<== cleanupOldRefTables() ");
+ return true;
+ }
+
+ private class PolicyUpdaterThread extends Thread {
+ final TransactionTemplate txTemplate;
+ final RangerService service;
+ final RangerPolicy policy;
+ String errorMsg;
+
+ PolicyUpdaterThread(TransactionTemplate txTemplate, final
RangerService service, final RangerPolicy policy) {
+ this.txTemplate = txTemplate;
+ this.service = service;
+ this.policy = policy;
+ this.errorMsg = null;
+ }
+
+ public String getErrorMsg() {
+ return errorMsg;
+ }
+
+ @Override
+ public void run() {
+ errorMsg = txTemplate.execute(new
TransactionCallback<String>() {
+ @Override
+ public String doInTransaction(TransactionStatus
status) {
+ String ret = null;
+ try {
+
policyRefUpdater.cleanupRefTables(policy);
+ portPolicy(service.getType(),
policy);
+ cleanupOldRefTables(policy);
+ } catch (Throwable e) {
+ logger.error("PortPolicy failed
for policy:[" + policy + "]", e);
+ ret = e.toString();
+ }
+ return ret;
+ }
+ });
+ }
+ }
+
+ private void portPolicy(String serviceType, RangerPolicy policy) throws
Exception {
+ logger.info("==> portPolicy(id=" + policy.getId() + ")");
+
+ String policyText = JsonUtils.objectToJson(policy);
+
+ if (StringUtils.isEmpty(policyText)) {
+ throw new Exception("Failed to convert policy to json
string. Policy: [id=" + policy.getId() + "; name=" + policy.getName() + ";
serviceType=" + serviceType + "]");
+ }
+
+ XXPolicyDao policyDao = daoMgr.getXXPolicy();
+ XXPolicy dbBean = policyDao.getById(policy.getId());
+
+ dbBean.setPolicyText(policyText);
+
+ policyDao.update(dbBean);
+
+ try {
+ Set<String> accesses = new HashSet<>();
+ Set<String> users = new HashSet<>();
+ Set<String> groups = new HashSet<>();
+ Set<String> conditions = new HashSet<>();
+ Set<String> dataMasks = new HashSet<>();
+
+ buildLists(policy.getPolicyItems(), accesses,
conditions, users, groups);
+ buildLists(policy.getDenyPolicyItems(), accesses,
conditions, users, groups);
+ buildLists(policy.getAllowExceptions(), accesses,
conditions, users, groups);
+ buildLists(policy.getDenyExceptions(), accesses,
conditions, users, groups);
+ buildLists(policy.getDataMaskPolicyItems(), accesses,
conditions, users, groups);
+ buildLists(policy.getRowFilterPolicyItems(), accesses,
conditions, users, groups);
+
+ buildList(policy.getDataMaskPolicyItems(), dataMasks);
+
+ addResourceDefRef(serviceType, policy);
+ addUserNameRef(policy.getId(), users);
+ addGroupNameRef(policy.getId(), groups);
+ addAccessDefRef(serviceType, policy.getId(), accesses);
+ addPolicyConditionDefRef(serviceType, policy.getId(),
conditions);
+ addDataMaskDefRef(serviceType, policy.getId(),
dataMasks);
+ } catch (Exception e) {
+ logger.error("portPoliry(id=" + policy.getId() +")
failed!!");
+ logger.error("Offending policy:" + policyText);
+ throw e;
+ }
+
+ logger.info("<== portPolicy(id=" + policy.getId() + ")");
+ }
+
+ private void addResourceDefRef(String serviceType, RangerPolicy policy)
throws Exception {
+ logger.info("==> addResourceDefRef(id=" + policy.getId() + ")");
+
+ Map<String, Long> serviceDefResourceNameIDMap =
resourceNameIdMap.get(serviceType);
+
+ if (serviceDefResourceNameIDMap == null) {
+ serviceDefResourceNameIDMap = new HashMap<>();
+
+ resourceNameIdMap.put(serviceType,
serviceDefResourceNameIDMap);
+
+ XXServiceDef dbServiceDef =
daoMgr.getXXServiceDef().findByName(serviceType);
+
+ for (XXResourceDef resourceDef :
daoMgr.getXXResourceDef().findByServiceDefId(dbServiceDef.getId())) {
+
serviceDefResourceNameIDMap.put(resourceDef.getName(), resourceDef.getId());
+ }
+ }
+
+ Map<String, RangerPolicyResource> policyResources =
policy.getResources();
+
+ if (MapUtils.isNotEmpty(policyResources)) {
+ XXPolicyRefResourceDao policyRefResourceDao =
daoMgr.getXXPolicyRefResource();
+ Set<String> resourceNames =
policyResources.keySet();
+
+ for (String resourceName : resourceNames) {
+ Long resourceDefId =
serviceDefResourceNameIDMap.get(resourceName);
+
+ if (resourceDefId == null) {
+ throw new Exception(resourceName + ":
unknown resource in policy [id=" + policy.getId() + "; name=" +
policy.getName() + "; serviceType=" + serviceType + "]. Known resources: " +
serviceDefResourceNameIDMap.keySet());
+ }
+
+ // insert policy-id, resourceDefId,
resourceName into Ref table
+ XXPolicyRefResource policyRefResource = new
XXPolicyRefResource();
+
+ policyRefResource.setPolicyId(policy.getId());
+
policyRefResource.setResourceDefId(resourceDefId);
+ policyRefResource.setResourceName(resourceName);
+
+ policyRefResourceDao.create(policyRefResource);
+ }
+ }
+
+ logger.info("<== addResourceDefRef(id=" + policy.getId() + ")");
+ }
+
+ private void addUserNameRef(Long policyId, Set<String> users) throws
Exception {
+ logger.info("==> addUserNameRef(id=" + policyId + ")");
+
+ XXPolicyRefUserDao policyRefUserDao =
daoMgr.getXXPolicyRefUser();
+ XXUserDao userDao = daoMgr.getXXUser();
+
+ // insert policy-id, userName into Ref table
+ for (String user : users) {
+ Long userId = userIdMap.get(user);
+
+ if (userId == null) {
+ XXUser userObject =
userDao.findByUserName(user);
+
+ if (userObject == null) {
+ throw new Exception(user + ": unknown
user in policy [id=" + policyId + "]");
+ }
+
+ userId = userObject.getId();
+
+ userIdMap.put(user, userId);
+ }
+
+ XXPolicyRefUser policyRefUser = new XXPolicyRefUser();
+
+ policyRefUser.setPolicyId(policyId);
+ policyRefUser.setUserName(user);
+ policyRefUser.setUserId(userId);
+
+ policyRefUserDao.create(policyRefUser);
+ }
+
+ logger.info("<== addUserNameRef(id=" + policyId + ")");
+ }
+
+ private void addGroupNameRef(Long policyId, Set<String> groups) throws
Exception {
+ logger.info("==> addGroupNameRef(id=" + policyId + ")");
+
+ // insert policy-id, groupName into Ref table
+ XXPolicyRefGroupDao policyRefGroupDao =
daoMgr.getXXPolicyRefGroup();
+ XXGroupDao groupDao = daoMgr.getXXGroup();
+
+ for (String group : groups) {
+ Long groupId = groupIdMap.get(group);
+
+ if (groupId == null) {
+ XXGroup groupObject =
groupDao.findByGroupName(group);
+
+ if (groupObject == null) {
+ throw new Exception(group + ": unknown
group in policy [id=" + policyId + "]");
+ }
+
+ groupId = groupObject.getId();
+
+ groupIdMap.put(group, groupId);
+ }
+
+ XXPolicyRefGroup policyRefGroup = new
XXPolicyRefGroup();
+
+ policyRefGroup.setPolicyId(policyId);
+ policyRefGroup.setGroupName(group);
+ policyRefGroup.setGroupId(groupId);
+
+ policyRefGroupDao.create(policyRefGroup);
+ }
+
+ logger.info("<== addGroupNameRef(id=" + policyId + ")");
+
+ }
+
+ private void addAccessDefRef(String serviceType, Long policyId,
Set<String> accesses) throws Exception {
+ logger.info("==> addAccessDefRef(id=" + policyId + ")");
+ // insert policy-id, accessName into Ref table
+
+ Map<String, Long> serviceDefAccessTypeIDMap =
accessTypeIdMap.get(serviceType);
+
+ if (serviceDefAccessTypeIDMap == null) {
+ serviceDefAccessTypeIDMap = new HashMap<>();
+
+ accessTypeIdMap.put(serviceType,
serviceDefAccessTypeIDMap);
+
+ XXServiceDef dbServiceDef =
daoMgr.getXXServiceDef().findByName(serviceType);
+
+ for (XXAccessTypeDef accessTypeDef :
daoMgr.getXXAccessTypeDef().findByServiceDefId(dbServiceDef.getId())) {
+
serviceDefAccessTypeIDMap.put(accessTypeDef.getName(), accessTypeDef.getId());
+ }
+ }
+
+ XXPolicyRefAccessTypeDao policyRefAccessTypeDao =
daoMgr.getXXPolicyRefAccessType();
+
+ for (String access : accesses) {
+ Long accessTypeDefId =
serviceDefAccessTypeIDMap.get(access);
+
+ if (accessTypeDefId == null) {
+ throw new Exception(access + ": unknown
accessType in policy [id=" + policyId + "; serviceType=" + serviceType + "].
Known accessTypes: " + serviceDefAccessTypeIDMap.keySet());
+ }
+
+ XXPolicyRefAccessType policyRefAccessType = new
XXPolicyRefAccessType();
+
+ policyRefAccessType.setPolicyId(policyId);
+ policyRefAccessType.setAccessTypeName(access);
+ policyRefAccessType.setAccessDefId(accessTypeDefId);
+
+ policyRefAccessTypeDao.create(policyRefAccessType);
+ }
+
+ logger.info("<== addAccessDefRef(id=" + policyId + ")");
+ }
+
+ private void addPolicyConditionDefRef(String serviceType, Long
policyId, Set<String> conditions) throws Exception {
+ logger.info("==> addPolicyConditionDefRef(id=" + policyId +
")");
+ // insert policy-id, conditionName into Ref table
+
+ Map<String, Long> serviceDefConditionNameIDMap =
conditionNameIdMap.get(serviceType);
+
+ if (serviceDefConditionNameIDMap == null) {
+ serviceDefConditionNameIDMap = new HashMap<>();
+
+ conditionNameIdMap.put(serviceType,
serviceDefConditionNameIDMap);
+
+ XXServiceDef dbServiceDef =
daoMgr.getXXServiceDef().findByName(serviceType);
+
+ for (XXPolicyConditionDef conditionDef :
daoMgr.getXXPolicyConditionDef().findByServiceDefId(dbServiceDef.getId())) {
+
serviceDefConditionNameIDMap.put(conditionDef.getName(), conditionDef.getId());
+ }
+ }
+
+ XXPolicyRefConditionDao policyRefConditionDao =
daoMgr.getXXPolicyRefCondition();
+
+ for (String condition : conditions) {
+ Long conditionDefId =
serviceDefConditionNameIDMap.get(condition);
+
+ if (conditionDefId == null) {
+ throw new Exception(condition + ": unknown
condition in policy [id=" + policyId + "; serviceType=" + serviceType + "].
Known conditions are: " + serviceDefConditionNameIDMap.keySet());
+ }
+
+ XXPolicyRefCondition policyRefCondition = new
XXPolicyRefCondition();
+
+ policyRefCondition.setPolicyId(policyId);
+ policyRefCondition.setConditionName(condition);
+ policyRefCondition.setConditionDefId(conditionDefId);
+
+ policyRefConditionDao.create(policyRefCondition);
+ }
+
+ logger.info("<== addPolicyConditionDefRef(id=" + policyId +
")");
+ }
+
+ private void addDataMaskDefRef(String serviceType, Long policyId,
Set<String> datamasks) throws Exception {
+ logger.info("==> addDataMaskDefRef(id=" + policyId + ")");
+
+ // insert policy-id, datamaskName into Ref table
+
+ Map<String, Long> serviceDefDataMaskTypeIDMap =
dataMaskTypeIdMap.get(serviceType);
+
+ if (serviceDefDataMaskTypeIDMap == null) {
+ serviceDefDataMaskTypeIDMap = new HashMap<>();
+
+ dataMaskTypeIdMap.put(serviceType,
serviceDefDataMaskTypeIDMap);
+
+ XXServiceDef dbServiceDef =
daoMgr.getXXServiceDef().findByName(serviceType);
+
+ for (XXDataMaskTypeDef dataMaskTypeDef :
daoMgr.getXXDataMaskTypeDef().findByServiceDefId(dbServiceDef.getId())) {
+
serviceDefDataMaskTypeIDMap.put(dataMaskTypeDef.getName(),
dataMaskTypeDef.getId());
+ }
+ }
+
+ XXPolicyRefDataMaskTypeDao policyRefDataMaskTypeDao =
daoMgr.getXXPolicyRefDataMaskType();
+
+ for (String datamask : datamasks) {
+ Long dataMaskTypeId =
serviceDefDataMaskTypeIDMap.get(datamask);
+
+ if (dataMaskTypeId == null) {
+ throw new Exception(datamask + ": unknown
dataMaskType in policy [id=" + policyId + "; serviceType=" + serviceType + "].
Known dataMaskTypes " + serviceDefDataMaskTypeIDMap.keySet());
+ }
+
+ XXPolicyRefDataMaskType policyRefDataMaskType = new
XXPolicyRefDataMaskType();
+
+ policyRefDataMaskType.setPolicyId(policyId);
+ policyRefDataMaskType.setDataMaskTypeName(datamask);
+ policyRefDataMaskType.setDataMaskDefId(dataMaskTypeId);
+
+ policyRefDataMaskTypeDao.create(policyRefDataMaskType);
+ }
+
+ logger.info("<== addDataMaskDefRef(id=" + policyId + ")");
+
+ }
+
+ private void buildLists(List<? extends RangerPolicyItem> policyItems,
Set<String> accesses, Set<String> conditions, Set<String> users, Set<String>
groups) {
+ for (RangerPolicyItem item : policyItems) {
+ for (RangerPolicyItemAccess policyAccess :
item.getAccesses()) {
+ accesses.add(policyAccess.getType());
+ }
+
+ for (RangerPolicyItemCondition policyCondition :
item.getConditions()) {
+ conditions.add(policyCondition.getType());
+ }
+
+ users.addAll(item.getUsers());
+ groups.addAll(item.getGroups());
+ }
+ }
+
+ private void buildList(List<RangerDataMaskPolicyItem>
dataMaskPolicyItems, Set<String> dataMasks) {
+ for (RangerDataMaskPolicyItem datMaskPolicyItem :
dataMaskPolicyItems) {
+
dataMasks.add(datMaskPolicyItem.getDataMaskInfo().getDataMaskType());
+ }
+ }
+
+}
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index 1381454..3ef8ba3 100755
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -288,6 +288,9 @@
</query>
</named-query>
+ <named-query name="XXPolicyItem.deleteByPolicyId">
+ <query>DELETE FROM XXPolicyItem obj WHERE obj.policyId =
:policyId</query>
+ </named-query>
<!-- XXPolicy -->
<named-query name="XXPolicy.countById">
@@ -364,6 +367,10 @@
</query>
</named-query>
+ <named-query name="XXPolicy.getAllByPolicyItem">
+ <query>select obj from XXPolicy obj where obj.id in (select
item.policyId from XXPolicyItem item) </query>
+ </named-query>
+
<!-- XXServiceDef -->
<named-query name="XXServiceDef.findByName">
<query>select obj from XXServiceDef obj where obj.name =
:name</query>
@@ -605,6 +612,10 @@
<query>select obj from XXPolicyResource obj where obj.resDefId
= :resDefId</query>
</named-query>
+ <named-query name="XXPolicyResource.deleteByPolicyId">
+ <query>DELETE FROM XXPolicyResource obj WHERE obj.policyId =
:policyId</query>
+ </named-query>
+
<named-query name="XXPolicyResourceMap.findByPolicyId">
<query>select obj from XXPolicyResourceMap obj,
XXPolicyResource res
where obj.resourceId = res.id
@@ -621,6 +632,10 @@
</query>
</named-query>
+ <named-query name="XXPolicyResourceMap.deleteByPolicyId">
+ <query>DELETE FROM XXPolicyResourceMap obj WHERE obj.resourceId
in (select res.id from XXPolicyResource res where res.policyId =
:policyId)</query>
+ </named-query>
+
<!-- XXPolicyItemAccess -->
<named-query name="XXPolicyItemAccess.findByPolicyId">
@@ -639,6 +654,10 @@
</query>
</named-query>
+ <named-query name="XXPolicyItemAccess.deleteByPolicyId">
+ <query>DELETE FROM XXPolicyItemAccess obj WHERE
obj.policyItemId in (select item.id from XXPolicyItem item where item.policyId
= :policyId)</query>
+ </named-query>
+
<!-- XXPolicyRefAccessType -->
<named-query name="XXPolicyRefAccessType.findByPolicyId">
<query>select obj from XXPolicyRefAccessType obj where
obj.policyId = :policyId </query>
@@ -886,6 +905,10 @@
</query>
</named-query>
+ <named-query name="XXPolicyItemCondition.deleteByPolicyId">
+ <query>DELETE FROM XXPolicyItemCondition obj WHERE
obj.policyItemId in (select item.id from XXPolicyItem item where item.policyId
= :policyId)</query>
+ </named-query>
+
<!-- XXPolicyItemGroupPerm -->
<named-query name="XXPolicyItemGroupPerm.findByPolicyId">
@@ -904,6 +927,10 @@
</query>
</named-query>
+ <named-query name="XXPolicyItemGroupPerm.deleteByPolicyId">
+ <query>DELETE FROM XXPolicyItemGroupPerm obj WHERE
obj.policyItemId in (select item.id from XXPolicyItem item where item.policyId
= :policyId)</query>
+ </named-query>
+
<!-- XXPolicyItemUserPerm -->
<named-query name="XXPolicyItemUserPerm.findByPolicyId">
@@ -922,6 +949,9 @@
</query>
</named-query>
+ <named-query name="XXPolicyItemUserPerm.deleteByPolicyId">
+ <query>DELETE FROM XXPolicyItemUserPerm obj WHERE
obj.policyItemId in (select item.id from XXPolicyItem item where item.policyId
= :policyId)</query>
+ </named-query>
<!-- XXPolicyItemDataMaskInfo -->
<named-query name="XXPolicyItemDataMaskInfo.findByPolicyId">
@@ -940,6 +970,10 @@
</query>
</named-query>
+ <named-query name="XXPolicyItemDataMaskInfo.deleteByPolicyId">
+ <query>DELETE FROM XXPolicyItemDataMaskInfo obj WHERE
obj.policyItemId in (select item.id from XXPolicyItem item where item.policyId
= :policyId)</query>
+ </named-query>
+
<!-- XXPolicyItemRowFilterInfo -->
<named-query name="XXPolicyItemRowFilterInfo.findByPolicyId">
@@ -958,6 +992,10 @@
</query>
</named-query>
+ <named-query name="XXPolicyItemRowFilterInfo.deleteByPolicyId">
+ <query>DELETE FROM XXPolicyItemRowFilterInfo obj WHERE
obj.policyItemId in (select item.id from XXPolicyItem item where item.policyId
= :policyId)</query>
+ </named-query>
+
<!-- XXDataHist -->
<named-query name="XXDataHist.findLatestByObjectClassTypeAndObjectId">
<query>select obj from XXDataHist obj where obj.objectId =
:objectId and obj.objectClassType = :classType</query>