This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/RANGER-3923 by this push:
new 25162b842 RANGER-4325: REST API to lookup principals (user/group/role)
by name
25162b842 is described below
commit 25162b8422bae6c3cd56351481f47c8327546408
Author: Prashant Satam <[email protected]>
AuthorDate: Wed Aug 23 11:02:05 2023 +0530
RANGER-4325: REST API to lookup principals (user/group/role) by name
Signed-off-by: Madhan Neethiraj <[email protected]>
---
.../optimized/current/ranger_core_db_mysql.sql | 3 +
.../optimized/current/ranger_core_db_postgres.sql | 3 +
.../main/java/org/apache/ranger/biz/XUserMgr.java | 11 ++
.../main/java/org/apache/ranger/db/XXUserDao.java | 35 ++++
.../apache/ranger/entity/view/VXXPrincipal.java | 202 +++++++++++++++++++++
.../java/org/apache/ranger/rest/XUserREST.java | 17 +-
.../ranger/security/context/RangerAPIList.java | 1 +
.../main/resources/META-INF/jpa_named_queries.xml | 7 +
8 files changed, 278 insertions(+), 1 deletion(-)
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index b4e3f57b8..4099d084e 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -14,6 +14,7 @@
-- limitations under the License.
DROP VIEW IF EXISTS `vx_trx_log`;
+DROP VIEW IF EXISTS `vx_principal`;
DROP TABLE IF EXISTS `x_rms_mapping_provider`;
DROP TABLE IF EXISTS `x_rms_resource_mapping`;
DROP TABLE IF EXISTS `x_rms_notification`;
@@ -1618,6 +1619,8 @@ CREATE INDEX x_policy_label_label_map_id ON
x_policy_label_map(id);
CREATE VIEW vx_trx_log AS select x_trx_log.id AS id,x_trx_log.create_time AS
create_time,x_trx_log.update_time AS update_time,x_trx_log.added_by_id AS
added_by_id,x_trx_log.upd_by_id AS upd_by_id,x_trx_log.class_type AS
class_type,x_trx_log.object_id AS object_id,x_trx_log.parent_object_id AS
parent_object_id,x_trx_log.parent_object_class_type AS
parent_object_class_type,x_trx_log.attr_name AS
attr_name,x_trx_log.parent_object_name AS
parent_object_name,x_trx_log.object_name AS object_na [...]
+CREATE VIEW vx_principal as (SELECT u.user_name AS principal_name, 0 AS
principal_type, u.status status, u.is_visible is_visible, u.other_attributes
other_attributes, u.create_time create_time, u.update_time update_time,
u.added_by_id added_by_id, u.upd_by_id upd_by_id FROM x_user u) UNION (SELECT
g.group_name principal_name, 1 AS principal_type, g.status status, g.is_visible
is_visible, g.other_attributes other_attributes, g.create_time create_time,
g.update_time update_time, g.added_by [...]
+
DELIMITER $$
DROP PROCEDURE if exists getXportalUIdByLoginId$$
CREATE PROCEDURE `getXportalUIdByLoginId`(IN input_val VARCHAR(100), OUT myid
BIGINT)
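Review bot: Only the fresh-install scripts change here (this mysql hunk and the matching postgres hunk in ranger_core_db_postgres.sql), so a deployment upgraded from an earlier release will have no `vx_principal` view and the new `VXXPrincipal.lookupByName` query will fail at runtime on the missing relation; an upgrade patch script for both databases is needed unless it is being added in a separate commit. The view definition is truncated in this listing after the `x_group` branch, while XXUserDao.lookupPrincipalByName maps `principal_type` 2 to ROLE, so confirm the UNION also carries a role branch with `2 AS principal_type` and that its source table exposes the same `status`, `is_visible` and `other_attributes` columns. If other database flavors are supported on this branch, their core scripts need the same view as well.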
diff --git
a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index 6b82aead4..cccbe9915 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -2210,3 +2210,6 @@ INSERT INTO x_db_version_h
(version,inst_at,inst_by,updated_at,updated_by,active
DROP VIEW IF EXISTS vx_trx_log;
CREATE VIEW vx_trx_log AS select x_trx_log.id AS id,x_trx_log.create_time AS
create_time,x_trx_log.update_time AS update_time,x_trx_log.added_by_id AS
added_by_id,x_trx_log.upd_by_id AS upd_by_id,x_trx_log.class_type AS
class_type,x_trx_log.object_id AS object_id,x_trx_log.parent_object_id AS
parent_object_id,x_trx_log.parent_object_class_type AS
parent_object_class_type,x_trx_log.attr_name AS
attr_name,x_trx_log.parent_object_name AS
parent_object_name,x_trx_log.object_name AS object_na [...]
+
+DROP VIEW IF EXISTS vx_principal;
+CREATE VIEW vx_principal as (SELECT u.user_name AS principal_name, 0 AS
principal_type, u.status status, u.is_visible is_visible, u.other_attributes
other_attributes, u.create_time create_time, u.update_time update_time,
u.added_by_id added_by_id, u.upd_by_id upd_by_id FROM x_user u) UNION (SELECT
g.group_name principal_name, 1 AS principal_type, g.status status, g.is_visible
is_visible, g.other_attributes other_attributes, g.create_time create_time,
g.update_time update_time, g.added_by [...]
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 1f282948b..d961bc50c 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -45,6 +45,7 @@ import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
import org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem;
+import org.apache.ranger.plugin.model.RangerPrincipal;
import org.apache.ranger.plugin.model.UserInfo;
import org.apache.ranger.plugin.util.RangerUserStore;
import org.apache.ranger.service.*;
@@ -2011,6 +2012,16 @@ public class XUserMgr extends XUserMgrBase {
return listMasked;
}
+ public List<RangerPrincipal> getRangerPrincipals(SearchCriteria
searchCriteria){
+ String searchString = (String)
searchCriteria.getParamValue("name");
+ int startIdx = searchCriteria.getStartIndex();
+ int maxRows = searchCriteria.getMaxRows();
+
+ List<RangerPrincipal> ret =
daoManager.getXXUser().lookupPrincipalByName(searchString, startIdx, maxRows);
+
+ return ret;
+ }
+
public boolean hasAccessToModule(String moduleName){
UserSessionBase userSession =
ContextUtil.getCurrentUserSession();
if (userSession != null && userSession.getLoginId()!=null){
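Review bot: `searchString` is null whenever the request carries no `name` parameter (assuming extractString leaves the parameter unset in that case), and XXUserDao.lookupPrincipalByName in the next file of this commit builds its pattern as `principalName + "%"`, so the query then runs with the literal pattern `null%` and silently returns only principals whose name starts with "null". Default the value before handing it on, e.g. `String searchString = (String) searchCriteria.getParamValue("name"); if (searchString == null) { searchString = ""; }`, so an absent filter yields a full paged listing, or reject the request if the filter is meant to be mandatory. The local `ret` adds nothing; `return daoManager.getXXUser().lookupPrincipalByName(searchString, startIdx, maxRows);` reads more directly. A short Javadoc such as `/** Looks up visible users, groups and roles whose name starts with the "name" search parameter, paged by the criteria's start index and max rows. */` would document the contract.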
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java
old mode 100644
new mode 100755
index 283d84fe1..215c0f03c
--- a/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java
@@ -21,8 +21,10 @@ package org.apache.ranger.db;
import javax.persistence.NoResultException;
+import org.apache.commons.collections.ListUtils;
import org.apache.ranger.common.db.BaseDao;
import org.apache.ranger.entity.XXUser;
+import org.apache.ranger.plugin.model.RangerPrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
@@ -122,4 +124,37 @@ public class XXUserDao extends BaseDao<XXUser> {
}
return users;
}
+
+ public List<RangerPrincipal> lookupPrincipalByName(String
principalName, int startIndex, int pageSize) {
+ List<RangerPrincipal> ret = new ArrayList<>();
+
+ try {
+ List<Object[]> results =
getEntityManager().createNamedQuery("VXXPrincipal.lookupByName", Object[].class)
+
.setParameter("principalName", principalName +
"%")
+
.setFirstResult(startIndex)
+
.setMaxResults(pageSize).getResultList();
+
+ if (results != null) {
+ for (Object[] result : results) {
+ String name = (String) result[0];
+ Number type = (Number) result[1];
+
+ switch (type.intValue()) {
+ case 0:
+ ret.add(new
RangerPrincipal(RangerPrincipal.PrincipalType.USER, name));
+ break;
+ case 1:
+ ret.add(new
RangerPrincipal(RangerPrincipal.PrincipalType.GROUP, name));
+ break;
+ case 2:
+ ret.add(new
RangerPrincipal(RangerPrincipal.PrincipalType.ROLE, name));
+ break;
+ }
+ }
+ }
+ } catch (NoResultException e) {
+ ret = ListUtils.EMPTY_LIST;
+ }
+ return ret;
+ }
}
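Review bot: The `catch (NoResultException e)` around the lookup is dead code, because `getResultList()` returns an empty list instead of throwing (only `getSingleResult()` raises NoResultException), and the assignment `ret = ListUtils.EMPTY_LIST` is a raw-typed unchecked assignment that would hand callers an immutable list where every other path returns a fresh ArrayList. Drop the try/catch together with the ListUtils import and return `ret` directly; the `results != null` guard can go with it, since JPA never returns null from `getResultList()`. A `principal_type` outside 0/1/2 is silently dropped by the switch, so a `default:` branch that logs the unexpected value through the class's slf4j logger would make a view/DAO mismatch visible rather than surfacing as missing results. Note also that `%` and `_` inside `principalName` are LIKE wildcards and are not escaped, so a caller can widen the intended prefix match; parameter binding keeps this from being injection, but either document the behavior or escape the input if exact-prefix semantics are intended.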
diff --git
a/security-admin/src/main/java/org/apache/ranger/entity/view/VXXPrincipal.java
b/security-admin/src/main/java/org/apache/ranger/entity/view/VXXPrincipal.java
new file mode 100644
index 000000000..e1ff6e837
--- /dev/null
+++
b/security-admin/src/main/java/org/apache/ranger/entity/view/VXXPrincipal.java
@@ -0,0 +1,202 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+ package org.apache.ranger.entity.view;
+
+
+import org.apache.ranger.common.DateUtil;
+import org.apache.ranger.common.RangerConstants;
+
+import javax.persistence.*;
+import java.util.Date;
+
+@Entity
+@Table(name="vx_principal")
+public class VXXPrincipal implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @Column(name="PRINCIPAL_NAME", nullable=false)
+ protected String principalName;
+
+ @Id
+ @Column(name="PRINCIPAL_TYPE", nullable=false)
+ protected Integer principalType;
+
+ @Column(name="STATUS", nullable=false)
+ protected int status = RangerConstants.STATUS_DISABLED;
+
+ @Column(name="IS_VISIBLE", nullable=false )
+ protected Integer isVisible;
+
+ @Column(name="OTHER_ATTRIBUTES")
+ protected String otherAttributes;
+
+ @Temporal(TemporalType.TIMESTAMP)
+ @Column(name="CREATE_TIME" , nullable=false )
+ protected Date createTime = DateUtil.getUTCDate();
+
+ @Temporal(TemporalType.TIMESTAMP)
+ @Column(name="UPDATE_TIME" , nullable=false )
+ protected Date updateTime = DateUtil.getUTCDate();
+
+ @Column(name="ADDED_BY_ID" )
+ protected Long addedByUserId;
+
+ @Column(name="UPD_BY_ID" )
+ protected Long updatedByUserId;
+
+
+
+ /**
+ * @return the principalName
+ */
+ public String getPrincipalName() {
+ return principalName;
+ }
+
+ /**
+ * @param principalName the principalName to set
+ */
+ public void setPrincipalName(String principalName) {
+ this.principalName = principalName;
+ }
+
+ /**
+ * @return the principalType
+ */
+ public Integer getPrincipalType() {
+ return principalType;
+ }
+
+ /**
+ * @param principalType the principalType to set
+ */
+ public void setPrincipalType(Integer principalType) {
+ this.principalType = principalType;
+ }
+
+ /**
+ * This method sets the value to the member attribute <b>status</b>.
+ * You cannot set null to the attribute.
+ * @param status Value to set member attribute <b>status</b>
+ */
+ public void setStatus( int status ) {
+ this.status = status;
+ }
+
+ /**
+ * Returns the value for the member attribute <b>status</b>
+ * @return int - value of member attribute <b>status</b>.
+ */
+ public int getStatus( ) {
+ return this.status;
+ }
+
+ /**
+ * This method sets the value to the member attribute <b>isVisible</b>.
+ * You cannot set null to the attribute.
+ * @param isVisible Value to set member attribute <b>isVisible</b>
+ */
+ public void setIsVisible(Integer isVisible) {
+ this.isVisible = isVisible;
+ }
+
+ /**
+ * Returns the value for the member attribute <b>isVisible</b>
+ * @return int - value of member attribute <b>isVisible</b>.
+ */
+ public Integer getIsVisible() {
+ return isVisible;
+ }
+
+ /**
+ * This method sets JSON {@link String} representation of additional
store attributes.
+ * This method accepts null values.
+ * @param otherAttributes
+ */
+ public void setOtherAttributes(String otherAttributes) {
+ this.otherAttributes = otherAttributes;
+ }
+
+ /**
+ * @return JSON {@link String} representation of additional store
attributes if available,
+ * <code>null</code> otherwise.
+ */
+ public String getOtherAttributes() {
+ return otherAttributes;
+ }
+
+ /**
+ * @return the createTime
+ */
+ public Date getCreateTime() {
+ return createTime;
+ }
+
+ /**
+ * @param createTime the createTime to set
+ */
+ public void setCreateTime(Date createTime) {
+ this.createTime = createTime;
+ }
+
+ /**
+ * @return the updateTime
+ */
+ public Date getUpdateTime() {
+ return updateTime;
+ }
+
+ /**
+ * @param updateTime the updateTime to set
+ */
+ public void setUpdateTime(Date updateTime) {
+ this.updateTime = updateTime;
+ }
+
+ /**
+ * @return the addedByUserId
+ */
+ public Long getAddedByUserId() {
+ return addedByUserId;
+ }
+
+ /**
+ * @param addedByUserId the addedByUserId to set
+ */
+ public void setAddedByUserId(Long addedByUserId) {
+ this.addedByUserId = addedByUserId;
+ }
+
+
+ /**
+ * @return the updatedByUserId
+ */
+ public Long getUpdatedByUserId() {
+ return updatedByUserId;
+ }
+
+ /**
+ * @param updatedByUserId the updatedByUserId to set
+ */
+ public void setUpdatedByUserId(Long updatedByUserId) {
+ this.updatedByUserId = updatedByUserId;
+ }
+}
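Review bot: VXXPrincipal declares two `@Id` fields (`principalName`, `principalType`) without an `@IdClass` or `@EmbeddedId`; the JPA specification requires one for a composite key, and while some providers accept multiple `@Id` fields on a Serializable entity (presumably why the class implements Serializable), the mapping is non-portable and deserves a comment explaining that (name, type) is the key because the view unions the user, group and role name spaces. The class has no Javadoc; add one such as `/** Read-only JPA entity over the {@code vx_principal} view: one row per user (type 0), group (type 1) or role (type 2) name, queried through {@code VXXPrincipal.lookupByName}. */`. Because the backing object is a view, the field defaults for `status`, `createTime` and `updateTime` and the setters only matter for unmanaged instances and could be dropped, or the read-only intent made explicit. The diffstat shows no change to persistence.xml, so confirm that entity discovery picks this class up, or list it there. The `package` declaration on the first code line carries a stray leading space.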
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
old mode 100644
new mode 100755
index 9a2253a3d..0a3c524b5
--- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
@@ -63,6 +63,7 @@ import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXService;
import org.apache.ranger.entity.XXServiceDef;
import org.apache.ranger.plugin.model.RangerPluginInfo;
+import org.apache.ranger.plugin.model.RangerPrincipal;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.plugin.util.RangerRESTUtils;
@@ -166,7 +167,8 @@ public class XUserREST {
@Autowired
ServiceDBStore svcStore;
-
+
+
static final Logger logger = LoggerFactory.getLogger(XUserMgr.class);
// Handle XGroup
@@ -504,6 +506,19 @@ public class XUserREST {
return ret;
}
+ @GET
+ @Path("/lookup/principals")
+ @Produces({ "application/json" })
+ @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" +
RangerAPIList.GET_PRINCIPALS_LOOKUP + "\")")
+ public List<RangerPrincipal> getPrincipalsLookup(@Context
HttpServletRequest request) {
+ SearchCriteria searchCriteria =
searchUtil.extractCommonCriterias(request, xGroupService.sortFields);
+
+ searchUtil.extractString(request, searchCriteria, "name", null,
null);
+
+ List<RangerPrincipal> ret =
xUserMgr.getRangerPrincipals(searchCriteria);
+
+ return ret;
+ }
@GET
@Path("/users/count")
@Produces({ "application/json" })
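Review bot: The endpoint is guarded by `isAPIAccessible(RangerAPIList.GET_PRINCIPALS_LOOKUP)`, but the diffstat only adds the constant to RangerAPIList and does not touch the API-to-tab/role mapping that `isAPIAccessible` consults, so confirm how an unmapped API name is treated: if it defaults to allowed, this lookup is reachable by any authenticated role, which may be broader than the existing users/groups lookups; if it defaults to denied, the endpoint is unusable. `extractCommonCriterias(request, xGroupService.sortFields)` accepts group sort fields for a principal lookup while the named query always orders by `principalName`, so a `sortBy` parameter is silently ignored; either drop the sort handling or document it. The method lacks Javadoc; something like `/** GET /lookup/principals?name=prefix: visible users, groups and roles whose name starts with {@code name}, paged via the common start-index/page-size criteria. */` is enough. A blank line is also missing between this method's closing brace and the following `@GET`.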
diff --git
a/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
b/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
index 4398764ae..de9014072 100644
---
a/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
+++
b/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
@@ -151,6 +151,7 @@ public class RangerAPIList {
public static final String SEARCH_X_USERS = "XUserREST.searchXUsers";
public static final String GET_USERS_LOOKUP =
"XUserREST.getUsersLookup";
public static final String GET_GROUPS_LOOKUP =
"XUserREST.getGroupsLookup";
+ public static final String GET_PRINCIPALS_LOOKUP =
"XUserREST.getPrincipalsLookup";
public static final String COUNT_X_USERS = "XUserREST.countXUsers";
public static final String GET_X_GROUP_USER = "XUserREST.getXGroupUser";
public static final String CREATE_X_GROUP_USER =
"XUserREST.createXGroupUser";
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index ef0bdd7a4..a34bc54af 100755
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -178,6 +178,13 @@
</query>
</named-query>
+ <named-query name="VXXPrincipal.lookupByName">
+ <query>SELECT p.principalName, p.principalType FROM
VXXPrincipal p
+ WHERE p.principalName LIKE :principalName
+ AND p.isVisible = 1
+ ORDER BY p.principalName</query>
+ </named-query>
+
<named-query name="XXGroupUser.findUsersByGroupIds">
<query>SELECT group.name, user.name FROM XXUser user, XXGroup
group, XXGroupUser groupUser
WHERE user.id=groupUser.userId and
group.id=groupUser.parentGroupId