This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 55d2e6bfcbc02825aa5d23f38adad11f7ea1eea9
Author: Madhan Neethiraj <mad...@apache.org>
AuthorDate: Mon Oct 2 12:15:44 2023 -0700
RANGER-4445: new REST endpoints for dataset policies
---
.../apache/ranger/plugin/model/RangerService.java | 66 +---
.../model/validation/RangerServiceValidator.java | 83 ++---
.../ranger/plugin/store/AbstractGdsStore.java | 25 --
.../ranger/plugin/store/AbstractPredicateUtil.java | 34 --
.../ranger/plugin/store/AbstractServiceStore.java | 3 +-
.../org/apache/ranger/plugin/store/GdsStore.java | 34 +-
.../ranger/plugin/store/ServicePredicateUtil.java | 77 -----
.../ranger/plugin/util/RangerPerfTracer.java | 28 +-
.../ranger/services/gds/RangerServiceGds.java | 58 +---
.../service-defs/ranger-servicedef-gds.json | 16 +-
.../apache_ranger/client/ranger_gds_client.py | 80 ++++-
.../main/python/apache_ranger/model/ranger_base.py | 2 +
.../src/main/python/sample_gds_client.py | 14 +
.../optimized/current/ranger_core_db_mysql.sql | 32 +-
.../optimized/current/ranger_core_db_postgres.sql | 36 ++-
.../java/org/apache/ranger/biz/GdsDBStore.java | 353 ++++++++++++++++++++-
.../java/org/apache/ranger/biz/RangerBizUtil.java | 8 +
.../java/org/apache/ranger/biz/ServiceDBStore.java | 53 +---
.../java/org/apache/ranger/biz/ServiceMgr.java | 6 -
.../org/apache/ranger/common/AppConstants.java | 7 +-
.../org/apache/ranger/db/RangerDaoManagerBase.java | 2 +
.../apache/ranger/db/XXGdsDatasetPolicyMapDao.java | 85 +++++
.../apache/ranger/db/XXGdsProjectPolicyMapDao.java | 85 +++++
.../java/org/apache/ranger/db/XXPolicyDao.java | 33 ++
.../java/org/apache/ranger/db/XXServiceDao.java | 23 +-
.../ranger/entity/XXGdsDatasetPolicyMap.java | 106 +++++++
.../ranger/entity/XXGdsProjectPolicyMap.java | 106 +++++++
.../org/apache/ranger/entity/XXServiceBase.java | 24 +-
.../apache/ranger/entity/XXServiceVersionInfo.java | 29 +-
.../main/java/org/apache/ranger/rest/GdsREST.java | 316 +++++++++++++++++-
.../java/org/apache/ranger/rest/ServiceREST.java | 61 +++-
.../ranger/security/context/RangerAPIList.java | 2 +
.../service/RangerServiceDefServiceBase.java | 4 +-
.../ranger/service/RangerServiceService.java | 7 -
.../ranger/service/RangerServiceServiceBase.java | 26 +-
.../main/resources/META-INF/jpa_named_queries.xml | 31 +-
36 files changed, 1405 insertions(+), 550 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java
index e79c5d8e3..0cb58bae0 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerService.java
@@ -49,16 +49,13 @@ public class RangerService extends RangerBaseModelObject
implements java.io.Seri
private Date policyUpdateTime;
private Long tagVersion;
private Date tagUpdateTime;
- private String gdsService;
- private Long gdsVersion;
- private Date gdsUpdateTime;
/**
* @param
*/
public RangerService() {
- this(null, null, null, null, null, null);
+ this(null, null, null, null, null);
}
/**
@@ -69,24 +66,12 @@ public class RangerService extends RangerBaseModelObject
implements java.io.Seri
* @param tagService
*/
public RangerService(String type, String name, String description,
String tagService, Map<String, String> configs) {
- this(type, name, description, tagService, null, configs);
- }
-
- /**
- * @param type
- * @param name
- * @param description
- * @param configs
- * @param tagService
- */
- public RangerService(String type, String name, String description,
String tagService, String gdsService, Map<String, String> configs) {
super();
setType(type);
setName(name);
setDescription(description);
setTagService(tagService);
- setGdsService(gdsService);
setConfigs(configs);
}
@@ -106,9 +91,6 @@ public class RangerService extends RangerBaseModelObject
implements java.io.Seri
setPolicyUpdateTime(other.getPolicyUpdateTime());
setTagVersion(other.getTagVersion());
setTagUpdateTime(other.getTagUpdateTime());
- setGdsService(other.getGdsService());
- setGdsVersion(other.getGdsVersion());
- setGdsUpdateTime(other.getGdsUpdateTime());
}
/**
@@ -260,49 +242,6 @@ public class RangerService extends RangerBaseModelObject
implements java.io.Seri
this.tagUpdateTime = tagUpdateTime;
}
- /**
- * @return the gdsService
- */
- public String getGdsService() {
- return gdsService;
- }
-
- /**
- * @param gdsService the gdsServiceName to set
- */
- public void setGdsService(String gdsService) {
- this.gdsService = gdsService;
- }
-
- /**
- * @return the gdsVersion
- */
- public Long getGdsVersion() {
- return gdsVersion;
- }
-
- /**
- * @param gdsVersion the gdsVersion to set
- */
- public void setGdsVersion(Long gdsVersion) {
- this.gdsVersion = gdsVersion;
- }
-
-
- /**
- * @return the gdsUpdateTime
- */
- public Date getGdsUpdateTime() {
- return gdsUpdateTime;
- }
-
- /**
- * @param gdsUpdateTime the gdsUpdateTime to set
- */
- public void setGdsUpdateTime(Date gdsUpdateTime) {
- this.gdsUpdateTime = gdsUpdateTime;
- }
-
@Override
public String toString( ) {
StringBuilder sb = new StringBuilder();
@@ -338,9 +277,6 @@ public class RangerService extends RangerBaseModelObject
implements java.io.Seri
sb.append("tagVersion={").append(tagVersion).append("} ");
sb.append("tagUpdateTime={").append(tagUpdateTime).append("} ");
- sb.append("gdsService={").append(gdsService).append("} ");
- sb.append("gdsVersion={").append(gdsVersion).append("} ");
- sb.append("gdsUpdateTime={").append(gdsUpdateTime).append("} ");
sb.append("}");
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java
b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java
index a9ad08a48..5521146b9 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceValidator.java
@@ -268,76 +268,41 @@ public class RangerServiceValidator extends
RangerValidator {
}
}
String tagServiceName = service.getTagService();
- String gdsServiceName = service.getGdsService();
- if (StringUtils.equals(type,
EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {
- if (StringUtils.isNotBlank(tagServiceName)) {
- failures.add(new
ValidationFailureDetailsBuilder()
- .field("tag_service")
-
.isSemanticallyIncorrect()
- .becauseOf("tag service
cannot be part of a tag service")
- .build());
- valid = false;
- }
-
- if (StringUtils.isNotBlank(gdsServiceName)) {
- failures.add(new
ValidationFailureDetailsBuilder()
- .field("gds_service")
-
.isSemanticallyIncorrect()
- .becauseOf("tag service
cannot be part of a gds service")
- .build());
- valid = false;
- }
+ if (StringUtils.isNotBlank(tagServiceName) &&
StringUtils.equals(type, EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME))
{
+ failures.add(new
ValidationFailureDetailsBuilder()
+ .field("tag_service")
+ .isSemanticallyIncorrect()
+ .becauseOf("tag service cannot
be part of a tag service")
+ .build());
+ valid = false;
}
- if (StringUtils.equals(type,
EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_GDS_NAME)) {
- if (StringUtils.isNotBlank(tagServiceName)) {
- failures.add(new
ValidationFailureDetailsBuilder()
- .field("tag_service")
-
.isSemanticallyIncorrect()
- .becauseOf("gds service
cannot be linked to a tag service")
- .build());
- valid = false;
- }
-
- if (StringUtils.isNotBlank(gdsServiceName)) {
- failures.add(new
ValidationFailureDetailsBuilder()
- .field("gds_service")
-
.isSemanticallyIncorrect()
- .becauseOf("gds service
cannot be linked to a gds service")
- .build());
- valid = false;
- }
+ if (StringUtils.isNotBlank(tagServiceName) &&
StringUtils.equals(type, EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_GDS_NAME))
{
+ failures.add(new
ValidationFailureDetailsBuilder()
+ .field("tag_service")
+ .isSemanticallyIncorrect()
+ .becauseOf("gds service cannot
be linked to a tag service")
+ .build());
+ valid = false;
}
- boolean needToEnsureTagServiceType = false;
- boolean needToEnsureGdsServiceType = false;
+ boolean needToEnsureServiceType = false;
if (action == Action.UPDATE) {
RangerService otherService = getService(name);
String otherTagServiceName = otherService ==
null ? null : otherService.getTagService();
- String otherGdsServiceName = otherService ==
null ? null : otherService.getGdsService();
if (StringUtils.isNotBlank(tagServiceName)) {
if (!StringUtils.equals(tagServiceName,
otherTagServiceName)) {
- needToEnsureTagServiceType =
true;
- }
- }
-
- if (StringUtils.isNotBlank(gdsServiceName)) {
- if (!StringUtils.equals(gdsServiceName,
otherGdsServiceName)) {
- needToEnsureGdsServiceType =
true;
+ needToEnsureServiceType = true;
}
}
} else { // action == Action.CREATE
if (StringUtils.isNotBlank(tagServiceName)) {
- needToEnsureTagServiceType = true;
- }
-
- if (StringUtils.isNotBlank(gdsServiceName)) {
- needToEnsureGdsServiceType = true;
+ needToEnsureServiceType = true;
}
}
- if (needToEnsureTagServiceType) {
+ if (needToEnsureServiceType) {
RangerService maybeTagService =
getService(tagServiceName);
if (maybeTagService == null ||
!StringUtils.equals(maybeTagService.getType(),
EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {
failures.add(new
ValidationFailureDetailsBuilder()
@@ -348,18 +313,6 @@ public class RangerServiceValidator extends
RangerValidator {
valid = false;
}
}
-
- if (needToEnsureGdsServiceType) {
- RangerService gdsService =
getService(gdsServiceName);
- if (gdsService == null ||
!StringUtils.equals(gdsService.getType(),
EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_GDS_NAME)) {
- failures.add(new
ValidationFailureDetailsBuilder()
- .field("gds_service")
-
.isSemanticallyIncorrect()
- .becauseOf("gds service
name does not refer to existing gds service:" + gdsServiceName)
- .build());
- valid = false;
- }
- }
}
if(LOG.isDebugEnabled()) {
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractGdsStore.java
b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractGdsStore.java
index 91f598bd4..7b3677e30 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractGdsStore.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractGdsStore.java
@@ -26,34 +26,9 @@ import
org.apache.ranger.plugin.model.RangerGds.RangerDataShareInDataset;
import org.apache.ranger.plugin.model.RangerGds.RangerProject;
import org.apache.ranger.plugin.model.RangerGds.RangerSharedResource;
import org.apache.ranger.plugin.util.SearchFilter;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
public abstract class AbstractGdsStore implements GdsStore {
- private static final Logger LOG =
LoggerFactory.getLogger(AbstractGdsStore.class);
-
- protected ServiceStore svcStore;
-
- @Override
- public void init() throws Exception {
- LOG.info("==> AbstractGdsStore.init()");
-
- LOG.info("<== AbstractGdsStore.init()");
- }
-
- @Override
- public void setServiceStore(ServiceStore svcStore) {
- LOG.info("==> AbstractGdsStore.setServiceStore()");
-
- this.svcStore = svcStore;
-
- LOG.info("<== AbstractGdsStore.setServiceStore()");
- }
-
- @Override
- public ServiceStore getServiceStore() { return svcStore; }
-
@Override
public RangerDataset createDataset(RangerDataset dataset) throws Exception
{ return null; }
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
index 0c47515ef..07c561506 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
@@ -91,7 +91,6 @@ public class AbstractPredicateUtil {
addPredicateForIsEnabled(filter.getParam(SearchFilter.IS_ENABLED), predicates);
addPredicateForIsRecursive(filter.getParam(SearchFilter.IS_RECURSIVE),
predicates);
addPredicateForTagServiceName(filter.getParam(SearchFilter.TAG_SERVICE_NAME),
predicates);
-
addPredicateForGdsServiceName(filter.getParam(SearchFilter.GDS_SERVICE_NAME),
predicates);
//
addPredicateForTagServiceId(filter.getParam(SearchFilter.TAG_SERVICE_ID),
predicates); // not supported
addPredicateForUserName(filter.getParam(SearchFilter.USER),
predicates);
addPredicateForGroupName(filter.getParam(SearchFilter.GROUP),
predicates);
@@ -858,39 +857,6 @@ public class AbstractPredicateUtil {
return ret;
}
- private Predicate addPredicateForGdsServiceName(final String
gdsServiceName, List<Predicate> predicates) {
- if(StringUtils.isEmpty(gdsServiceName)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerService) {
- RangerService service =
(RangerService)object;
-
- ret =
StringUtils.equals(gdsServiceName, service.getGdsService());
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(ret != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
private Predicate addPredicateForResourceSignature(String signature,
List<Predicate> predicates) {
Predicate ret = createPredicateForResourceSignature(signature);
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
index 8632dd6bc..dc786a457 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
@@ -275,7 +275,8 @@ public abstract class AbstractServiceStore implements
ServiceStore {
}
private void updateTagServiceDefForUpdatingAccessTypes(RangerServiceDef
serviceDef) throws Exception {
- if (StringUtils.equals(serviceDef.getName(),
EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {
+ if (StringUtils.equals(serviceDef.getName(),
EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME) ||
+ StringUtils.equals(serviceDef.getName(),
EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_GDS_NAME)) {
return;
}
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java
b/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java
index 8c56ec1ff..2dadf2cd4 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java
@@ -25,20 +25,16 @@ import
org.apache.ranger.plugin.model.RangerGds.RangerDataset;
import org.apache.ranger.plugin.model.RangerGds.RangerDatasetInProject;
import org.apache.ranger.plugin.model.RangerGds.RangerProject;
import org.apache.ranger.plugin.model.RangerGds.RangerSharedResource;
+import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.util.SearchFilter;
+import java.util.List;
+
/**
* Interface to backing store for Data share model objects
*/
public interface GdsStore {
- void init() throws Exception;
-
- void setServiceStore(ServiceStore svcStore);
-
- ServiceStore getServiceStore();
-
-
RangerDataset createDataset(RangerDataset dataset) throws Exception;
RangerDataset updateDataset(RangerDataset dataset) throws Exception;
@@ -53,6 +49,18 @@ public interface GdsStore {
PList<RangerDataset> searchDatasets(SearchFilter filter) throws Exception;
+ RangerPolicy addDatasetPolicy(Long datasetId, RangerPolicy policy) throws
Exception;
+
+ RangerPolicy updateDatasetPolicy(Long datasetId, RangerPolicy policy)
throws Exception;
+
+ void deleteDatasetPolicy(Long datasetId, Long policyId) throws Exception;
+
+ void deleteDatasetPolicies(Long datasetId) throws Exception;
+
+ RangerPolicy getDatasetPolicy(Long datasetId, Long policyId) throws
Exception;
+
+ List<RangerPolicy> getDatasetPolicies(Long datasetId) throws Exception;
+
RangerProject createProject(RangerProject dataset) throws Exception;
@@ -68,6 +76,18 @@ public interface GdsStore {
PList<RangerProject> searchProjects(SearchFilter filter) throws Exception;
+ RangerPolicy addProjectPolicy(Long projectId, RangerPolicy policy) throws
Exception;
+
+ RangerPolicy updateProjectPolicy(Long projectId, RangerPolicy policy)
throws Exception;
+
+ void deleteProjectPolicy(Long projectId, Long policyId) throws Exception;
+
+ void deleteProjectPolicies(Long projectId) throws Exception;
+
+ RangerPolicy getProjectPolicy(Long projectId, Long policyId) throws
Exception;
+
+ List<RangerPolicy> getProjectPolicies(Long projectId) throws Exception;
+
RangerDataShare createDataShare(RangerDataShare dataShare) throws
Exception;
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java
b/agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java
index 26c5dd7e3..757dc6719 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java
@@ -44,8 +44,6 @@ public class ServicePredicateUtil extends
AbstractPredicateUtil {
addPredicateForServiceId(filter.getParam(SearchFilter.SERVICE_ID), predicates);
addPredicateForTagSeviceName(filter.getParam(SearchFilter.TAG_SERVICE_NAME),
predicates);
addPredicateForTagSeviceId(filter.getParam(SearchFilter.TAG_SERVICE_ID),
predicates);
-
addPredicateForGdsSeviceName(filter.getParam(SearchFilter.GDS_SERVICE_NAME),
predicates);
-
addPredicateForGdsSeviceId(filter.getParam(SearchFilter.GDS_SERVICE_ID),
predicates);
}
private String getServiceType(String serviceName) {
@@ -232,79 +230,4 @@ public class ServicePredicateUtil extends
AbstractPredicateUtil {
return ret;
}
-
- private Predicate addPredicateForGdsSeviceName(final String
gdsServiceName, List<Predicate> predicates) {
- if(StringUtils.isEmpty(gdsServiceName)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerService) {
- RangerService service =
(RangerService)object;
-
- ret =
StringUtils.equals(gdsServiceName, service.getGdsService());
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForGdsSeviceId(final String gdsServiceId,
List<Predicate> predicates) {
- if(StringUtils.isEmpty(gdsServiceId)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerService) {
- RangerService service =
(RangerService)object;
-
- if(!
StringUtils.isEmpty(service.getGdsService())) {
- RangerService gdsService = null;
-
- try {
- gdsService =
serviceStore.getServiceByName(service.getGdsService());
- } catch(Exception excp) {
- }
-
- ret = gdsService != null &&
gdsService.getId() != null && StringUtils.equals(gdsServiceId,
gdsService.getId().toString());
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
}
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfTracer.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfTracer.java
index 3c985c62c..5078d3668 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfTracer.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfTracer.java
@@ -46,19 +46,25 @@ public class RangerPerfTracer {
}
public static RangerPerfTracer getPerfTracer(Logger logger, String tag)
{
- String data = "";
- String realTag = "";
-
- if (tag != null) {
- int indexOfTagEndMarker = StringUtils.indexOf(tag,
tagEndMarker);
- if (indexOfTagEndMarker != -1) {
- realTag = StringUtils.substring(tag, 0,
indexOfTagEndMarker);
- data = StringUtils.substring(tag,
indexOfTagEndMarker);
- } else {
- realTag = tag;
+ if (logger.isDebugEnabled()) {
+ String data = "";
+ String realTag = "";
+
+ if (tag != null) {
+ int indexOfTagEndMarker =
StringUtils.indexOf(tag, tagEndMarker);
+
+ if (indexOfTagEndMarker != -1) {
+ realTag = StringUtils.substring(tag, 0,
indexOfTagEndMarker);
+ data = StringUtils.substring(tag,
indexOfTagEndMarker);
+ } else {
+ realTag = tag;
+ }
}
+
+ return RangerPerfTracerFactory.getPerfTracer(logger,
realTag, data);
+ } else {
+ return null;
}
- return RangerPerfTracerFactory.getPerfTracer(logger, realTag,
data);
}
public static RangerPerfTracer getPerfTracer(Logger logger, String tag,
String data) {
diff --git
a/agents-common/src/main/java/org/apache/ranger/services/gds/RangerServiceGds.java
b/agents-common/src/main/java/org/apache/ranger/services/gds/RangerServiceGds.java
index 0f03c5a31..c67d3d3b7 100644
---
a/agents-common/src/main/java/org/apache/ranger/services/gds/RangerServiceGds.java
+++
b/agents-common/src/main/java/org/apache/ranger/services/gds/RangerServiceGds.java
@@ -19,31 +19,21 @@
package org.apache.ranger.services.gds;
-import org.apache.commons.io.FilenameUtils;
-import org.apache.commons.lang.StringUtils;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
import org.apache.ranger.plugin.service.RangerBaseService;
import org.apache.ranger.plugin.service.ResourceLookupContext;
-import org.apache.ranger.plugin.store.GdsStore;
-import org.apache.ranger.plugin.store.PList;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.util.ArrayList;
+import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-
public class RangerServiceGds extends RangerBaseService {
private static final Logger LOG =
LoggerFactory.getLogger(RangerServiceGds.class);
- public static final String RESOURCE_NAME_DATASET = "dataset";
- public static final String RESOURCE_NAME_PROJECT = "project";
-
- private GdsStore gdsStore;
-
public RangerServiceGds() {
super();
}
@@ -53,10 +43,6 @@ public class RangerServiceGds extends RangerBaseService {
super.init(serviceDef, service);
}
- public void setGdsStore(GdsStore gdsStore) {
- this.gdsStore = gdsStore;
- }
-
@Override
public Map<String,Object> validateConfig() throws Exception {
if(LOG.isDebugEnabled()) {
@@ -80,48 +66,10 @@ public class RangerServiceGds extends RangerBaseService {
LOG.debug("==> RangerServiceGds.lookupResource(" +
context + ")");
}
- List<String> ret = new ArrayList<>();
- String resourceType = context != null ?
context.getResourceName() : null;
- List<String> valuesToExclude = null;
- List<String> resourceNames = null;
-
- if (StringUtils.equals(resourceType, RESOURCE_NAME_DATASET)) {
- PList<String> datasets = gdsStore != null ?
gdsStore.getDatasetNames(null) : null;
-
- resourceNames = datasets != null ? datasets.getList()
: null;
- valuesToExclude = context.getResources() != null ?
context.getResources().get(RESOURCE_NAME_DATASET) : null;
- } else if (StringUtils.equals(resourceType,
RESOURCE_NAME_PROJECT)) {
- PList<String> projects = gdsStore != null ?
gdsStore.getProjectNames(null) : null;
-
- resourceNames = projects != null ? projects.getList()
: null;
- valuesToExclude = context.getResources() != null ?
context.getResources().get(RESOURCE_NAME_PROJECT) : null;
- }
-
- if (resourceNames != null) {
- if (valuesToExclude != null) {
- resourceNames.removeAll(valuesToExclude);
- }
-
- String valueToMatch = context.getUserInput();
-
- if (StringUtils.isNotEmpty(valueToMatch)) {
- if (!valueToMatch.endsWith("*")) {
- valueToMatch += "*";
- }
-
- for (String resourceName : resourceNames) {
- if
(FilenameUtils.wildcardMatch(resourceName, valueToMatch)) {
- ret.add(resourceName);
- }
- }
- }
- }
-
-
if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerServiceGds.lookupResource(): {}
count={}", resourceType, ret.size());
+ LOG.debug("<== RangerServiceGds.lookupResource()");
}
- return ret;
+ return Collections.emptyList();
}
}
diff --git
a/agents-common/src/main/resources/service-defs/ranger-servicedef-gds.json
b/agents-common/src/main/resources/service-defs/ranger-servicedef-gds.json
index 06049183c..da6c0bcdf 100644
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-gds.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-gds.json
@@ -10,35 +10,35 @@
"resources": [
{
"itemId": 1,
- "name": "dataset",
+ "name": "dataset-id",
"type": "string",
"level": 1,
"parent": "",
"mandatory": true,
- "lookupSupported": true,
+ "lookupSupported": false,
"recursiveSupported": false,
"excludesSupported": false,
"matcher":
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": { "wildCard": false, "ignoreCase": false },
"uiHint": "{ \"singleValue\": true }",
- "label": "Dataset",
- "description": "Dataset"
+ "label": "Dataset ID",
+ "description": "Dataset ID"
},
{
"itemId": 2,
- "name": "project",
+ "name": "project-id",
"type": "string",
"level": 1,
"parent": "",
"mandatory": true,
- "lookupSupported": true,
+ "lookupSupported": false,
"recursiveSupported": false,
"excludesSupported": false,
"matcher":
"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
"matcherOptions": { "wildCard": false, "ignoreCase": false },
"uiHint": "{ \"singleValue\": true }",
- "label": "Project",
- "description": "Project"
+ "label": "Project ID",
+ "description": "Project ID"
}
],
diff --git a/intg/src/main/python/apache_ranger/client/ranger_gds_client.py
b/intg/src/main/python/apache_ranger/client/ranger_gds_client.py
index ea42b3e2a..3751252c2 100644
--- a/intg/src/main/python/apache_ranger/client/ranger_gds_client.py
+++ b/intg/src/main/python/apache_ranger/client/ranger_gds_client.py
@@ -65,12 +65,36 @@ class RangerGdsClient:
def find_datasets(self, filter=None):
resp = self.client_http.call_api(RangerGdsClient.FIND_DATASETS, filter)
- return PList.type_coerce_plist(resp, RangerDataset)
+ return PList(resp).type_coerce_list(RangerDataset)
def get_dataset_names(self, filter=None):
resp = self.client_http.call_api(RangerGdsClient.GET_DATASET_NAMES,
filter)
- return PList.type_coerce_plist(resp, str)
+ return PList(resp).type_coerce_list(str)
+
+ def add_dataset_policy(self, datasetId, policy):
+ resp =
self.client_http.call_api(RangerGdsClient.ADD_DATASET_POLICY.format_path({
'id': datasetId }), request_data=policy)
+
+ return type_coerce(resp, RangerPolicy)
+
+ def update_dataset_policy(self, datasetId, policy):
+ resp =
self.client_http.call_api(RangerGdsClient.UPDATE_DATASET_POLICY.format_path({
'id': datasetId, 'policyId': policy.id }), request_data=policy)
+
+ return type_coerce(resp, RangerPolicy)
+
+ def delete_dataset_policy(self, datasetId, policyId):
+
self.client_http.call_api(RangerGdsClient.DELETE_DATASET_POLICY.format_path({
'id': datasetId, 'policyId': policyId }))
+
+ def get_dataset_policy(self, datasetId, policyId):
+ resp =
self.client_http.call_api(RangerGdsClient.GET_DATASET_POLICY.format_path({
'id': datasetId, 'policyId': policyId }))
+
+ return type_coerce(resp, RangerPolicy)
+
+ def get_dataset_policies(self, datasetId):
+ resp =
self.client_http.call_api(RangerGdsClient.GET_DATASET_POLICIES.format_path({
'id': datasetId }))
+
+ return type_coerce_list(resp, RangerPolicy)
+
def create_project(self, project):
resp = self.client_http.call_api(RangerGdsClient.CREATE_PROJECT,
request_data=project)
@@ -93,12 +117,36 @@ class RangerGdsClient:
def find_projects(self, filter=None):
resp = self.client_http.call_api(RangerGdsClient.FIND_PROJECTS, filter)
- return PList.type_coerce_plist(resp, RangerDataset)
+ return PList(resp).type_coerce_list(RangerDataset)
def get_project_names(self, filter=None):
resp = self.client_http.call_api(RangerGdsClient.GET_PROJECT_NAMES,
filter)
- return PList.type_coerce_plist(resp, str)
+ return PList(resp).type_coerce_list(str)
+
+ def add_project_policy(self, projectId, policy):
+ resp =
self.client_http.call_api(RangerGdsClient.ADD_PROJECT_POLICY.format_path({
'id': projectId }), request_data=policy)
+
+ return type_coerce(resp, RangerPolicy)
+
+ def update_project_policy(self, projectId, policy):
+ resp =
self.client_http.call_api(RangerGdsClient.UPDATE_PROJECT_POLICY.format_path({
'id': projectId, 'policyId': policy.id }), request_data=policy)
+
+ return type_coerce(resp, RangerPolicy)
+
+ def delete_project_policy(self, projectId, policyId):
+
self.client_http.call_api(RangerGdsClient.DELETE_PROJECT_POLICY.format_path({
'id': projectId, 'policyId': policyId }))
+
+ def get_project_policy(self, projectId, policyId):
+ resp =
self.client_http.call_api(RangerGdsClient.GET_PROJECT_POLICY.format_path({
'id': projectId, 'policyId': policyId }))
+
+ return type_coerce(resp, RangerPolicy)
+
+ def get_project_policies(self, projectId):
+ resp =
self.client_http.call_api(RangerGdsClient.GET_PROJECT_POLICIES.format_path({
'id': projectId }))
+
+ return type_coerce_list(resp, RangerPolicy)
+
def create_data_share(self, data_share):
resp = self.client_http.call_api(RangerGdsClient.CREATE_DATA_SHARE,
request_data=data_share)
@@ -121,7 +169,7 @@ class RangerGdsClient:
def find_data_shares(self, filter=None):
resp = self.client_http.call_api(RangerGdsClient.FIND_DATA_SHARES,
filter)
- return PList.type_coerce_plist(resp, RangerDataShare)
+ return PList(resp).type_coerce_list(RangerDataShare)
def add_shared_resource(self, resource):
resp = self.client_http.call_api(RangerGdsClient.ADD_SHARED_RESOURCE,
request_data=resource)
@@ -144,7 +192,8 @@ class RangerGdsClient:
def find_shared_resources(self, filter=None):
resp =
self.client_http.call_api(RangerGdsClient.FIND_SHARED_RESOURCES, filter)
- return PList.type_coerce_plist(resp, RangerSharedResource)
+ return PList(resp).type_coerce_list(RangerSharedResource)
+
def add_data_share_in_dataset(self, dshid):
resp =
self.client_http.call_api(RangerGdsClient.ADD_DATA_SHARE_IN_DATASET,
request_data=dshid)
@@ -167,7 +216,8 @@ class RangerGdsClient:
def find_data_share_in_datasets(self, filter=None):
resp =
self.client_http.call_api(RangerGdsClient.FIND_DATA_SHARE_IN_DATASETS, filter)
- return PList.type_coerce_plist(resp, RangerDataShareInDataset)
+ return PList(resp).type_coerce_list(RangerDataShareInDataset)
+
def add_dataset_in_project(self, dip):
resp = self.client_http.call_api(RangerGdsClient.ADD_DATASET_IN_PROJECT,
request_data=dip)
@@ -190,7 +240,7 @@ class RangerGdsClient:
def find_dataset_in_projects(self, filter=None):
resp =
self.client_http.call_api(RangerGdsClient.FIND_DATASET_IN_PROJECTS, filter)
- return PList.type_coerce_plist(resp, RangerDatasetInProject)
+ return PList(resp).type_coerce_list(RangerDatasetInProject)
# URIs
@@ -198,9 +248,13 @@ class RangerGdsClient:
URI_DATASET = URI_GDS + "/dataset"
URI_DATASET_BY_ID = URI_DATASET + "/{id}"
URI_DATASET_NAMES = URI_DATASET + "/names"
+ URI_DATASET_POLICY = URI_DATASET_BY_ID + "/policy"
+ URI_DATASET_POLICY_ID = URI_DATASET_POLICY + "/{policyId}"
URI_PROJECT = URI_GDS + "/project"
URI_PROJECT_BY_ID = URI_PROJECT + "/{id}"
URI_PROJECT_NAMES = URI_PROJECT + "/names"
+ URI_PROJECT_POLICY = URI_PROJECT_BY_ID + "/policy"
+ URI_PROJECT_POLICY_ID = URI_PROJECT_POLICY + "/{policyId}"
URI_DATA_SHARE = URI_GDS + "/datashare"
URI_DATA_SHARE_BY_ID = URI_DATA_SHARE + "/{id}"
URI_SHARED_RESOURCE = URI_GDS + "/resource"
@@ -221,6 +275,11 @@ class RangerGdsClient:
GET_DATASET_BY_ID = API(URI_DATASET_BY_ID, HttpMethod.GET,
HTTPStatus.OK)
FIND_DATASETS = API(URI_DATASET, HttpMethod.GET, HTTPStatus.OK)
GET_DATASET_NAMES = API(URI_DATASET_NAMES, HttpMethod.GET,
HTTPStatus.OK)
+ ADD_DATASET_POLICY = API(URI_DATASET_POLICY, HttpMethod.POST,
HTTPStatus.OK)
+ UPDATE_DATASET_POLICY = API(URI_DATASET_POLICY_ID, HttpMethod.PUT,
HTTPStatus.OK)
+ DELETE_DATASET_POLICY = API(URI_DATASET_POLICY_ID, HttpMethod.DELETE,
HTTPStatus.NO_CONTENT)
+ GET_DATASET_POLICY = API(URI_DATASET_POLICY_ID, HttpMethod.GET,
HTTPStatus.OK)
+ GET_DATASET_POLICIES = API(URI_DATASET_POLICY, HttpMethod.GET,
HTTPStatus.OK)
CREATE_PROJECT = API(URI_PROJECT, HttpMethod.POST,
HTTPStatus.OK)
UPDATE_PROJECT_BY_ID = API(URI_PROJECT_BY_ID, HttpMethod.PUT,
HTTPStatus.OK)
@@ -228,6 +287,11 @@ class RangerGdsClient:
GET_PROJECT_BY_ID = API(URI_PROJECT_BY_ID, HttpMethod.GET,
HTTPStatus.OK)
FIND_PROJECTS = API(URI_PROJECT, HttpMethod.GET, HTTPStatus.OK)
GET_PROJECT_NAMES = API(URI_PROJECT_NAMES, HttpMethod.GET,
HTTPStatus.OK)
+ ADD_PROJECT_POLICY = API(URI_PROJECT_POLICY, HttpMethod.POST,
HTTPStatus.OK)
+ UPDATE_PROJECT_POLICY = API(URI_PROJECT_POLICY_ID, HttpMethod.PUT,
HTTPStatus.OK)
+ DELETE_PROJECT_POLICY = API(URI_PROJECT_POLICY_ID, HttpMethod.DELETE,
HTTPStatus.NO_CONTENT)
+ GET_PROJECT_POLICY = API(URI_PROJECT_POLICY_ID, HttpMethod.GET,
HTTPStatus.OK)
+ GET_PROJECT_POLICIES = API(URI_PROJECT_POLICY, HttpMethod.GET,
HTTPStatus.OK)
CREATE_DATA_SHARE = API(URI_DATA_SHARE, HttpMethod.POST,
HTTPStatus.OK)
UPDATE_DATA_SHARE_BY_ID = API(URI_DATA_SHARE_BY_ID, HttpMethod.PUT,
HTTPStatus.OK)
diff --git a/intg/src/main/python/apache_ranger/model/ranger_base.py
b/intg/src/main/python/apache_ranger/model/ranger_base.py
index 2cb06b8bd..3b792ff7d 100644
--- a/intg/src/main/python/apache_ranger/model/ranger_base.py
+++ b/intg/src/main/python/apache_ranger/model/ranger_base.py
@@ -93,3 +93,5 @@ class PList(RangerBase):
def type_coerce_list(self, elemType):
self.list = type_coerce_list(self.list, elemType)
+
+ return self
diff --git a/ranger-examples/sample-client/src/main/python/sample_gds_client.py
b/ranger-examples/sample-client/src/main/python/sample_gds_client.py
index 1b0d7a93f..890b2a2d8 100644
--- a/ranger-examples/sample-client/src/main/python/sample_gds_client.py
+++ b/ranger-examples/sample-client/src/main/python/sample_gds_client.py
@@ -131,6 +131,13 @@ dshid_2.validitySchedule = { 'startTime': '2023/02/01',
'endTime': '2023/03/01'
dshid_2 = gds.update_data_share_in_dataset(dshid_2.id, dshid_2)
print(f' updated data_share_in_dataset: {dshid_2}')
+print(f'Adding policy for dataset {dataset_1.name}: ')
+policy = gds.add_dataset_policy(dataset_1.id, RangerPolicy({ 'name':
dataset_1.name }))
+print(f' added policy for dataset {dataset_1.name}: {policy}')
+
+policies = gds.get_dataset_policies(dataset_1.id)
+print(f' policies for dataset {dataset_1.name}: {policies}')
+
d1_in_p1 = RangerDatasetInProject({ 'datasetId': dataset_1.id, 'projectId':
project_1.id, 'status': GdsShareStatus.GRANTED, 'validitySchedule': {
'startTime': '2023/01/01', 'endTime': '2023/04/01' }})
d1_in_p2 = RangerDatasetInProject({ 'datasetId': dataset_1.id, 'projectId':
project_2.id, 'status': GdsShareStatus.GRANTED, 'validitySchedule': {
'startTime': '2023/01/01', 'endTime': '2023/04/01' }})
@@ -153,6 +160,13 @@ d2_in_p2.status = GdsShareStatus.GRANTED
d2_in_p2 = gds.update_dataset_in_project(d2_in_p2.id, d2_in_p2)
print(f' updated dataset_in_project: {d2_in_p2}')
+print(f'Adding policy for project {project_1.name}: ')
+policy = gds.add_project_policy(project_1.id, RangerPolicy({ 'name':
project_1.name }))
+print(f' added policy for project {project_1.name}: {policy}')
+
+policies = gds.get_project_policies(project_1.id)
+print(f' policies for project {project_1.name}: {policies}')
+
print(f'Removing dataset_in_project: id={d1_in_p1.id}')
gds.remove_dataset_in_project(d1_in_p1.id)
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index e71facf8e..331c97027 100755
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -92,6 +92,8 @@ DROP TABLE IF EXISTS `xa_access_audit`;
DROP TABLE IF EXISTS `x_portal_user_role`;
DROP TABLE IF EXISTS `x_portal_user`;
DROP TABLE IF EXISTS `x_db_version_h`;
+DROP TABLE IF EXISTS `x_gds_dataset_policy_map`;
+DROP TABLE IF EXISTS `x_gds_project_policy_map`;
DROP TABLE IF EXISTS `x_gds_dataset_in_project`;
DROP TABLE IF EXISTS `x_gds_data_share_in_dataset`;
DROP TABLE IF EXISTS `x_gds_shared_resource`;
@@ -564,7 +566,6 @@ CREATE TABLE `x_service` (
`tag_service` BIGINT DEFAULT NULL NULL,
`tag_version` BIGINT DEFAULT 0 NOT NULL,
`tag_update_time` DATETIME DEFAULT NULL NULL,
-`gds_service` BIGINT DEFAULT NULL NULL,
primary key (`id`),
UNIQUE KEY `X_service_name` (`name`),
KEY `x_service_added_by_id` (`added_by_id`),
@@ -575,8 +576,7 @@ KEY `x_service_type` (`type`),
CONSTRAINT `x_service_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES
`x_portal_user` (`id`),
CONSTRAINT `x_service_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES
`x_portal_user` (`id`),
CONSTRAINT `x_service_FK_type` FOREIGN KEY (`type`) REFERENCES `x_service_def`
(`id`),
-CONSTRAINT `x_service_FK_tag_service` FOREIGN KEY (`tag_service`) REFERENCES
`x_service` (`id`),
-CONSTRAINT `x_service_FK_gds_service` FOREIGN KEY (`gds_service`) REFERENCES
`x_service` (`id`)
+CONSTRAINT `x_service_FK_tag_service` FOREIGN KEY (`tag_service`) REFERENCES
`x_service` (`id`)
)ROW_FORMAT=DYNAMIC;
CREATE TABLE IF NOT EXISTS `x_security_zone`(
@@ -1249,8 +1249,6 @@ CREATE TABLE `x_service_version_info` (
`tag_update_time` datetime NULL DEFAULT NULL,
`role_version` bigint(20) NOT NULL DEFAULT 0,
`role_update_time` datetime NULL DEFAULT NULL,
-`gds_version` bigint(20) DEFAULT 0 NOT NULL,
-`gds_update_time` datetime DEFAULT NULL NULL,
`version` bigint(20) NOT NULL DEFAULT '1',
primary key (`id`),
CONSTRAINT `x_service_version_info_FK_service_id` FOREIGN KEY (`service_id`)
REFERENCES `x_service` (`id`)
@@ -1872,6 +1870,30 @@ CREATE INDEX `x_gds_dip_guid` ON
`x_gds_dataset_in_project`(`guid`);
CREATE INDEX `x_gds_dip_dataset_id` ON
`x_gds_dataset_in_project`(`dataset_id`);
CREATE INDEX `x_gds_dip_project_id` ON
`x_gds_dataset_in_project`(`project_id`);
+CREATE TABLE `x_gds_dataset_policy_map`(
+ `id` BIGINT(20) NOT NULL AUTO_INCREMENT
+ , `dataset_id` BIGINT(20) NOT NULL
+ , `policy_id` BIGINT(20) NOT NULL
+ , PRIMARY KEY(`id`)
+ , UNIQUE KEY `x_gds_dpm_UK_dataset_id_policy_id`(`dataset_id`, `policy_id`)
+ , CONSTRAINT `x_gds_dpm_FK_dataset_id` FOREIGN KEY(`dataset_id`) REFERENCES
`x_gds_dataset`(`id`)
+ , CONSTRAINT `x_gds_dpm_FK_policy_id` FOREIGN KEY(`policy_id`) REFERENCES
`x_policy`(`id`)
+);
+CREATE INDEX `x_gds_dpm_dataset_id` ON
`x_gds_dataset_policy_map`(`dataset_id`);
+CREATE INDEX `x_gds_dpm_policy_id` ON `x_gds_dataset_policy_map`(`policy_id`);
+
+CREATE TABLE `x_gds_project_policy_map`(
+ `id` BIGINT(20) NOT NULL AUTO_INCREMENT
+ , `project_id` BIGINT(20) NOT NULL
+ , `policy_id` BIGINT(20) NOT NULL
+ , PRIMARY KEY(`id`)
+ , UNIQUE KEY `x_gds_ppm_UK_project_id_policy_id`(`project_id`, `policy_id`)
+ , CONSTRAINT `x_gds_ppm_FK_project_id` FOREIGN KEY(`project_id`) REFERENCES
`x_gds_project`(`id`)
+ , CONSTRAINT `x_gds_ppm_FK_policy_id` FOREIGN KEY(`policy_id`) REFERENCES
`x_policy`(`id`)
+);
+CREATE INDEX `x_gds_ppm_project_id` ON
`x_gds_project_policy_map`(`project_id`);
+CREATE INDEX `x_gds_ppm_policy_id` ON `x_gds_project_policy_map`(`policy_id`);
+
DELIMITER $$
DROP PROCEDURE if exists insertRangerPrerequisiteEntries $$
diff --git
a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index 8536f651e..a0e6c55cc 100755
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -90,6 +90,8 @@ DROP TABLE IF EXISTS xa_access_audit CASCADE;
DROP TABLE IF EXISTS x_portal_user_role CASCADE;
DROP TABLE IF EXISTS x_portal_user CASCADE;
DROP TABLE IF EXISTS x_db_version_h CASCADE;
+DROP TABLE IF EXISTS x_gds_dataset_policy_map;
+DROP TABLE IF EXISTS x_gds_project_policy_map;
DROP TABLE IF EXISTS x_gds_dataset CASCADE;
DROP TABLE IF EXISTS x_gds_project CASCADE;
DROP TABLE IF EXISTS x_gds_data_share CASCADE;
@@ -575,14 +577,12 @@ is_enabled BOOLEAN DEFAULT '0' NOT NULL,
tag_service BIGINT DEFAULT NULL NULL,
tag_version BIGINT DEFAULT 0 NOT NULL,
tag_update_time TIMESTAMP DEFAULT NULL NULL,
-gds_service BIGINT DEFAULT NULL NULL,
primary key(id),
CONSTRAINT x_service_name UNIQUE(name),
CONSTRAINT x_service_FK_added_by_id FOREIGN KEY(added_by_id) REFERENCES
x_portal_user(id),
CONSTRAINT x_service_FK_upd_by_id FOREIGN KEY(upd_by_id) REFERENCES
x_portal_user(id),
CONSTRAINT x_service_FK_type FOREIGN KEY(type) REFERENCES x_service_def(id),
-CONSTRAINT x_service_FK_tag_service FOREIGN KEY (tag_service) REFERENCES
x_service(id),
-CONSTRAINT x_service_FK_gds_service FOREIGN KEY (gds_service) REFERENCES
x_service(id)
+CONSTRAINT x_service_FK_tag_service FOREIGN KEY (tag_service) REFERENCES
x_service(id)
);
CREATE SEQUENCE x_security_zone_seq;
@@ -1196,8 +1196,6 @@ tag_version bigint NOT NULL DEFAULT '0',
tag_update_time TIMESTAMP DEFAULT NULL,
role_version bigint NOT NULL DEFAULT '0',
role_update_time TIMESTAMP DEFAULT NULL,
-gds_version bigint NOT NULL DEFAULT '0',
-gds_update_time TIMESTAMP DEFAULT NULL,
version bigint NOT NULL DEFAULT '1',
primary key (id),
CONSTRAINT x_service_version_info_service_id FOREIGN KEY (service_id)
REFERENCES x_service (id)
@@ -1869,6 +1867,34 @@ CREATE INDEX x_gds_dip_dataset_id ON
x_gds_dataset_in_project(dataset_id);
CREATE INDEX x_gds_dip_project_id ON x_gds_dataset_in_project(project_id);
commit;
+CREATE SEQUENCE x_gds_dataset_policy_map_seq;
+CREATE TABLE x_gds_dataset_policy_map(
+ id BIGINT NOT NULL DEFAULT
nextval('x_gds_dataset_policy_map_seq'::regclass)
+ , dataset_id BIGINT NOT NULL
+ , policy_id BIGINT NOT NULL
+ , PRIMARY KEY(id)
+ , CONSTRAINT x_gds_dpm_FK_dataset_id FOREIGN KEY(dataset_id) REFERENCES
x_gds_dataset(id)
+ , CONSTRAINT x_gds_dpm_FK_policy_id FOREIGN KEY(policy_id) REFERENCES
x_policy(id)
+ , CONSTRAINT x_gds_dpm_UK_dataset_id_policy_id UNIQUE(dataset_id, policy_id)
+);
+CREATE INDEX x_gds_dpm_dataset_id ON x_gds_dataset_policy_map(dataset_id);
+CREATE INDEX x_gds_dpm_policy_id ON x_gds_dataset_policy_map(policy_id);
+commit;
+
+CREATE SEQUENCE x_gds_project_policy_map_seq;
+CREATE TABLE x_gds_project_policy_map(
+ id BIGINT NOT NULL DEFAULT
nextval('x_gds_project_policy_map_seq'::regclass)
+ , project_id BIGINT NOT NULL
+ , policy_id BIGINT NOT NULL
+ , PRIMARY KEY(id)
+ , CONSTRAINT x_gds_ppm_FK_project_id FOREIGN KEY(project_id) REFERENCES
x_gds_project(id)
+ , CONSTRAINT x_gds_ppm_FK_policy_id FOREIGN KEY(policy_id) REFERENCES
x_policy(id)
+ , CONSTRAINT x_gds_ppm_UK_project_id_policy_id UNIQUE(project_id, policy_id)
+);
+CREATE INDEX x_gds_ppm_project_id ON x_gds_project_policy_map(project_id);
+CREATE INDEX x_gds_ppm_policy_id ON x_gds_project_policy_map(policy_id);
+commit;
+
CREATE INDEX x_tag_change_log_IDX_service_id ON x_tag_change_log(service_id);
CREATE INDEX x_tag_change_log_IDX_tag_version ON
x_tag_change_log(service_tags_version);
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
index 05705cd92..a1f5ef6fe 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
@@ -34,8 +34,10 @@ import org.apache.ranger.db.XXGdsProjectDao;
import org.apache.ranger.entity.XXGdsDataShareInDataset;
import org.apache.ranger.entity.XXGdsDataset;
import org.apache.ranger.entity.XXGdsDatasetInProject;
+import org.apache.ranger.entity.XXGdsDatasetPolicyMap;
import org.apache.ranger.entity.XXPolicy;
import org.apache.ranger.entity.XXGdsProject;
+import org.apache.ranger.entity.XXGdsProjectPolicyMap;
import
org.apache.ranger.plugin.model.RangerDatasetHeader.RangerDatasetHeaderInfo;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerGds.GdsPermission;
@@ -51,6 +53,7 @@ import
org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.model.RangerPrincipal.PrincipalType;
import org.apache.ranger.plugin.store.AbstractGdsStore;
import org.apache.ranger.plugin.store.PList;
+import org.apache.ranger.plugin.store.ServiceStore;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.service.RangerGdsDataShareService;
import org.apache.ranger.service.RangerGdsDataShareInDatasetService;
@@ -86,6 +89,14 @@ import static
org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil.EMBEDDED_SE
public class GdsDBStore extends AbstractGdsStore {
private static final Logger LOG =
LoggerFactory.getLogger(GdsDBStore.class);
+ public static final String RESOURCE_NAME_DATASET_ID = "dataset-id";
+ public static final String RESOURCE_NAME_PROJECT_ID = "project-id";
+
+ public static final String NOT_AUTHORIZED_FOR_DATASET_POLICIES = "User
is not authorized to manage policies for this dataset";
+ public static final String NOT_AUTHORIZED_TO_VIEW_DATASET_POLICIES = "User
is not authorized to view policies for this dataset";
+ public static final String NOT_AUTHORIZED_FOR_PROJECT_POLICIES = "User
is not authorized to manage policies for this dataset";
+ public static final String NOT_AUTHORIZED_TO_VIEW_PROJECT_POLICIES = "User
is not authorized to view policies for this dataset";
+
@Autowired
RangerGdsValidator validator;
@@ -122,6 +133,9 @@ public class GdsDBStore extends AbstractGdsStore {
@Autowired
RangerBizUtil bizUtil;
+ @Autowired
+ ServiceStore svcStore;
+
@Autowired
RESTErrorUtil restErrorUtil;
@@ -210,6 +224,7 @@ public class GdsDBStore extends AbstractGdsStore {
validator.validateDelete(datasetId, existing);
+ deleteDatasetPolicies(existing);
datasetService.delete(existing);
datasetService.createObjectHistory(null, existing,
RangerServiceService.OPERATION_DELETE_CONTEXT);
@@ -225,7 +240,6 @@ public class GdsDBStore extends AbstractGdsStore {
RangerDataset ret = datasetService.read(datasetId);
-
if (ret != null && !validator.hasPermission(ret.getAcl(),
GdsPermission.VIEW)) {
throw new Exception("no permission on dataset id=" + datasetId);
}
@@ -281,9 +295,9 @@ public class GdsDBStore extends AbstractGdsStore {
public PList<RangerDataset> searchDatasets(SearchFilter filter) throws
Exception {
LOG.debug("==> searchDatasets({})", filter);
- PList<RangerDataset> ret = getUnscrubbedDatasets(filter);
- List<RangerDataset> datasets = ret.getList();
- GdsPermission gdsPermission = getGdsPermissionFromFilter(filter);
+ PList<RangerDataset> ret = getUnscrubbedDatasets(filter);
+ List<RangerDataset> datasets = ret.getList();
+ GdsPermission gdsPermission =
getGdsPermissionFromFilter(filter);
for (RangerDataset dataset : datasets) {
if (gdsPermission.equals(GdsPermission.LIST)) {
@@ -296,6 +310,137 @@ public class GdsDBStore extends AbstractGdsStore {
return ret;
}
+ @Override
+ public RangerPolicy addDatasetPolicy(Long datasetId, RangerPolicy policy)
throws Exception {
+ LOG.debug("==> addDatasetPolicy({}, {})", datasetId, policy);
+
+ RangerDataset dataset = datasetService.read(datasetId);
+
+ if (!validator.hasPermission(dataset.getAcl(),
GdsPermission.POLICY_ADMIN)) {
+ throw
restErrorUtil.create403RESTException(NOT_AUTHORIZED_FOR_DATASET_POLICIES);
+ }
+
+ prepareDatasetPolicy(dataset, policy);
+
+ RangerPolicy ret = svcStore.createPolicy(policy);
+
+ daoMgr.getXXGdsDatasetPolicyMap().create(new
XXGdsDatasetPolicyMap(datasetId, ret.getId()));
+
+ LOG.debug("<== addDatasetPolicy({}, {}): ret={}", datasetId, policy,
ret);
+
+ return ret;
+ }
+
+ @Override
+ public RangerPolicy updateDatasetPolicy(Long datasetId, RangerPolicy
policy) throws Exception {
+ LOG.debug("==> updateDatasetPolicy({}, {})", datasetId, policy);
+
+ RangerDataset dataset = datasetService.read(datasetId);
+
+ if (!validator.hasPermission(dataset.getAcl(),
GdsPermission.POLICY_ADMIN)) {
+ throw
restErrorUtil.create403RESTException(NOT_AUTHORIZED_FOR_DATASET_POLICIES);
+ }
+
+ XXGdsDatasetPolicyMap existing =
daoMgr.getXXGdsDatasetPolicyMap().getDatasetPolicyMap(datasetId,
policy.getId());
+
+ if (existing == null) {
+ throw new Exception("no policy exists: datasetId=" + datasetId +
", policyId=" + policy.getId());
+ }
+
+ prepareDatasetPolicy(dataset, policy);
+
+ RangerPolicy ret = svcStore.updatePolicy(policy);
+
+ LOG.debug("<== updateDatasetPolicy({}, {}): ret={}", datasetId,
policy, ret);
+
+ return ret;
+ }
+
+ @Override
+ public void deleteDatasetPolicy(Long datasetId, Long policyId) throws
Exception {
+ LOG.debug("==> deleteDatasetPolicy({}, {})", datasetId, policyId);
+
+ RangerDataset dataset = datasetService.read(datasetId);
+
+ if (!validator.hasPermission(dataset.getAcl(),
GdsPermission.POLICY_ADMIN)) {
+ throw
restErrorUtil.create403RESTException(NOT_AUTHORIZED_FOR_DATASET_POLICIES);
+ }
+
+ XXGdsDatasetPolicyMap existing =
daoMgr.getXXGdsDatasetPolicyMap().getDatasetPolicyMap(datasetId, policyId);
+
+ if (existing == null) {
+ throw new Exception("no policy exists: datasetId=" + datasetId +
", policyId=" + policyId);
+ }
+
+ RangerPolicy policy = svcStore.getPolicy(policyId);
+
+ daoMgr.getXXGdsDatasetPolicyMap().remove(existing);
+ svcStore.deletePolicy(policy);
+
+ LOG.debug("<== deleteDatasetPolicy({}, {})", datasetId, policyId);
+ }
+
+ @Override
+ public void deleteDatasetPolicies(Long datasetId) throws Exception {
+ LOG.debug("==> deleteDatasetPolicies({})", datasetId);
+
+ RangerDataset dataset = datasetService.read(datasetId);
+
+ deleteDatasetPolicies(dataset);
+
+ LOG.debug("<== deleteDatasetPolicy({})", datasetId);
+ }
+
+ @Override
+ public RangerPolicy getDatasetPolicy(Long datasetId, Long policyId) throws
Exception {
+ LOG.debug("==> getDatasetPolicy({}, {})", datasetId, policyId);
+
+ RangerDataset dataset = datasetService.read(datasetId);
+
+ if (!validator.hasPermission(dataset.getAcl(), GdsPermission.AUDIT)) {
+ throw
restErrorUtil.create403RESTException(NOT_AUTHORIZED_TO_VIEW_DATASET_POLICIES);
+ }
+
+ XXGdsDatasetPolicyMap existing =
daoMgr.getXXGdsDatasetPolicyMap().getDatasetPolicyMap(datasetId, policyId);
+
+ if (existing == null) {
+ throw new Exception("no policy exists: datasetId=" + datasetId +
", policyId=" + policyId);
+ }
+
+ RangerPolicy ret = svcStore.getPolicy(policyId);
+
+ LOG.debug("<== getDatasetPolicy({}, {}): ret={}", datasetId, policyId,
ret);
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerPolicy> getDatasetPolicies(Long datasetId) throws
Exception {
+ LOG.debug("==> getDatasetPolicies({})", datasetId);
+
+ List<RangerPolicy> ret = null;
+
+ RangerDataset dataset = datasetService.read(datasetId);
+
+ if (!validator.hasPermission(dataset.getAcl(), GdsPermission.AUDIT)) {
+ throw
restErrorUtil.create403RESTException(NOT_AUTHORIZED_TO_VIEW_DATASET_POLICIES);
+ }
+
+ List<Long> policyIds =
daoMgr.getXXGdsDatasetPolicyMap().getDatasetPolicyIds(datasetId);
+
+ if (policyIds != null) {
+ ret = new ArrayList<>(policyIds.size());
+
+ for (Long policyId : policyIds) {
+ ret.add(svcStore.getPolicy(policyId));
+ }
+ }
+
+ LOG.debug("<== getDatasetPolicies({}): ret={}", datasetId, ret);
+
+ return ret;
+ }
+
@Override
public RangerProject createProject(RangerProject project) throws Exception
{
LOG.debug("==> createProject({})", project);
@@ -356,6 +501,7 @@ public class GdsDBStore extends AbstractGdsStore {
validator.validateDelete(projectId, existing);
+ deleteProjectPolicies(existing);
projectService.delete(existing);
projectService.createObjectHistory(null, existing,
RangerServiceService.OPERATION_DELETE_CONTEXT);
@@ -445,6 +591,137 @@ public class GdsDBStore extends AbstractGdsStore {
return ret;
}
+ @Override
+ public RangerPolicy addProjectPolicy(Long projectId, RangerPolicy policy)
throws Exception {
+ LOG.debug("==> addProjectPolicy({}, {})", projectId, policy);
+
+ RangerProject project = projectService.read(projectId);
+
+ if (!validator.hasPermission(project.getAcl(),
GdsPermission.POLICY_ADMIN)) {
+ throw
restErrorUtil.create403RESTException(NOT_AUTHORIZED_FOR_PROJECT_POLICIES);
+ }
+
+ prepareProjectPolicy(project, policy);
+
+ RangerPolicy ret = svcStore.createPolicy(policy);
+
+ daoMgr.getXXGdsProjectPolicyMap().create(new
XXGdsProjectPolicyMap(projectId, ret.getId()));
+
+ LOG.debug("<== addProjectPolicy({}, {}): ret={}", projectId, policy,
ret);
+
+ return ret;
+ }
+
+ @Override
+ public RangerPolicy updateProjectPolicy(Long projectId, RangerPolicy
policy) throws Exception {
+ LOG.debug("==> updateProjectPolicy({}, {})", projectId, policy);
+
+ RangerProject project = projectService.read(projectId);
+
+ if (!validator.hasPermission(project.getAcl(),
GdsPermission.POLICY_ADMIN)) {
+ throw
restErrorUtil.create403RESTException(NOT_AUTHORIZED_FOR_PROJECT_POLICIES);
+ }
+
+ XXGdsProjectPolicyMap existing =
daoMgr.getXXGdsProjectPolicyMap().getProjectPolicyMap(projectId,
policy.getId());
+
+ if (existing == null) {
+ throw new Exception("no policy exists: projectId=" + projectId +
", policyId=" + policy.getId());
+ }
+
+ prepareProjectPolicy(project, policy);
+
+ RangerPolicy ret = svcStore.updatePolicy(policy);
+
+ LOG.debug("<== updateProjectPolicy({}, {}): ret={}", projectId,
policy, ret);
+
+ return ret;
+ }
+
+ @Override
+ public void deleteProjectPolicy(Long projectId, Long policyId) throws
Exception {
+ LOG.debug("==> deleteProjectPolicy({}, {})", projectId, policyId);
+
+ RangerProject project = projectService.read(projectId);
+
+ if (!validator.hasPermission(project.getAcl(),
GdsPermission.POLICY_ADMIN)) {
+ throw
restErrorUtil.create403RESTException(NOT_AUTHORIZED_FOR_DATASET_POLICIES);
+ }
+
+ XXGdsProjectPolicyMap existing =
daoMgr.getXXGdsProjectPolicyMap().getProjectPolicyMap(projectId, policyId);
+
+ if (existing == null) {
+ throw new Exception("no policy exists: projectId=" + projectId +
", policyId=" + policyId);
+ }
+
+ RangerPolicy policy = svcStore.getPolicy(policyId);
+
+ daoMgr.getXXGdsProjectPolicyMap().remove(existing);
+ svcStore.deletePolicy(policy);
+
+ LOG.debug("<== deleteProjectPolicy({}, {})", projectId, policyId);
+ }
+
+ @Override
+ public void deleteProjectPolicies(Long projectId) throws Exception {
+ LOG.debug("==> deleteProjectPolicies({})", projectId);
+
+ RangerProject project = projectService.read(projectId);
+
+ deleteProjectPolicies(project);
+
+ LOG.debug("<== deleteProjectPolicy({})", projectId);
+ }
+
+ @Override
+ public RangerPolicy getProjectPolicy(Long projectId, Long policyId) throws
Exception {
+ LOG.debug("==> getProjectPolicy({}, {})", projectId, policyId);
+
+ RangerProject project = projectService.read(projectId);
+
+ if (!validator.hasPermission(project.getAcl(), GdsPermission.AUDIT)) {
+ throw
restErrorUtil.create403RESTException(NOT_AUTHORIZED_TO_VIEW_DATASET_POLICIES);
+ }
+
+ XXGdsProjectPolicyMap existing =
daoMgr.getXXGdsProjectPolicyMap().getProjectPolicyMap(projectId, policyId);
+
+ if (existing == null) {
+ throw new Exception("no policy exists: projectId=" + projectId +
", policyId=" + policyId);
+ }
+
+ RangerPolicy ret = svcStore.getPolicy(policyId);
+
+ LOG.debug("<== getProjectPolicy({}, {}): ret={}", projectId, policyId,
ret);
+
+ return ret;
+ }
+
+ @Override
+ public List<RangerPolicy> getProjectPolicies(Long projectId) throws
Exception {
+ LOG.debug("==> getProjectPolicies({})", projectId);
+
+ List<RangerPolicy> ret = null;
+
+ RangerProject project = projectService.read(projectId);
+
+ if (!validator.hasPermission(project.getAcl(), GdsPermission.AUDIT)) {
+ throw
restErrorUtil.create403RESTException(NOT_AUTHORIZED_TO_VIEW_DATASET_POLICIES);
+ }
+
+ List<Long> policyIds =
daoMgr.getXXGdsProjectPolicyMap().getProjectPolicyIds(projectId);
+
+ if (policyIds != null) {
+ ret = new ArrayList<>(policyIds.size());
+
+ for (Long policyId : policyIds) {
+ ret.add(svcStore.getPolicy(policyId));
+ }
+ }
+
+ LOG.debug("<== getProjectPolicies({}): ret={}", projectId, ret);
+
+ return ret;
+ }
+
@Override
public RangerDataShare createDataShare(RangerDataShare dataShare) throws
Exception {
@@ -1049,4 +1326,72 @@ public class GdsDBStore extends AbstractGdsStore {
}
}
}
+
+ private void prepareDatasetPolicy(RangerDataset dataset, RangerPolicy
policy) {
+ policy.setName("DATASET: " + dataset.getName() + "@" +
System.currentTimeMillis());
+ policy.setDescription("Policy for dataset: " + dataset.getName());
+ policy.setServiceType(EMBEDDED_SERVICEDEF_GDS_NAME);
+ policy.setService(ServiceDBStore.GDS_SERVICE_NAME);
+ policy.setZoneName(null);
+ policy.setResources(Collections.singletonMap(RESOURCE_NAME_DATASET_ID,
new RangerPolicyResource(dataset.getId().toString())));
+ policy.setPolicyType(RangerPolicy.POLICY_TYPE_ACCESS);
+ policy.setPolicyPriority(RangerPolicy.POLICY_PRIORITY_NORMAL);
+ policy.setAllowExceptions(Collections.emptyList());
+ policy.setDenyPolicyItems(Collections.emptyList());
+ policy.setDenyExceptions(Collections.emptyList());
+ policy.setDataMaskPolicyItems(Collections.emptyList());
+ policy.setRowFilterPolicyItems(Collections.emptyList());
+ policy.setIsDenyAllElse(Boolean.FALSE);
+ }
+
+ private void prepareProjectPolicy(RangerProject project, RangerPolicy
policy) {
+ policy.setName("PROJECT: " + project.getName() + "@" +
System.currentTimeMillis());
+ policy.setDescription("Policy for project: " + project.getName());
+ policy.setServiceType(EMBEDDED_SERVICEDEF_GDS_NAME);
+ policy.setService(ServiceDBStore.GDS_SERVICE_NAME);
+ policy.setZoneName(null);
+ policy.setResources(Collections.singletonMap(RESOURCE_NAME_PROJECT_ID,
new RangerPolicyResource(project.getId().toString())));
+ policy.setPolicyType(RangerPolicy.POLICY_TYPE_ACCESS);
+ policy.setPolicyPriority(RangerPolicy.POLICY_PRIORITY_NORMAL);
+ policy.setAllowExceptions(Collections.emptyList());
+ policy.setDenyPolicyItems(Collections.emptyList());
+ policy.setDenyExceptions(Collections.emptyList());
+ policy.setDataMaskPolicyItems(Collections.emptyList());
+ policy.setRowFilterPolicyItems(Collections.emptyList());
+ policy.setIsDenyAllElse(Boolean.FALSE);
+ }
+
+ private void deleteDatasetPolicies(RangerDataset dataset) throws Exception
{
+ if (!validator.hasPermission(dataset.getAcl(),
GdsPermission.POLICY_ADMIN)) {
+ throw
restErrorUtil.create403RESTException(NOT_AUTHORIZED_FOR_DATASET_POLICIES);
+ }
+
+ List<XXGdsDatasetPolicyMap> existingMaps =
daoMgr.getXXGdsDatasetPolicyMap().getDatasetPolicyMaps(dataset.getId());
+
+ if (existingMaps != null) {
+ for (XXGdsDatasetPolicyMap existing : existingMaps) {
+ RangerPolicy policy =
svcStore.getPolicy(existing.getPolicyId());
+
+ daoMgr.getXXGdsDatasetPolicyMap().remove(existing);
+ svcStore.deletePolicy(policy);
+ }
+ }
+ }
+
+ private void deleteProjectPolicies(RangerProject project) throws Exception
{
+ if (!validator.hasPermission(project.getAcl(),
GdsPermission.POLICY_ADMIN)) {
+ throw
restErrorUtil.create403RESTException(NOT_AUTHORIZED_FOR_PROJECT_POLICIES);
+ }
+
+ List<XXGdsProjectPolicyMap> existingMaps =
daoMgr.getXXGdsProjectPolicyMap().getProjectPolicyMaps(project.getId());
+
+ if (existingMaps != null) {
+ for (XXGdsProjectPolicyMap existing : existingMaps) {
+ RangerPolicy policy =
svcStore.getPolicy(existing.getPolicyId());
+
+ daoMgr.getXXGdsProjectPolicyMap().remove(existing);
+ svcStore.deletePolicy(policy);
+ }
+ }
+ }
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
index 136a1309b..5534c8056 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
@@ -1587,4 +1587,12 @@ public class RangerBizUtil {
throw restErrorUtil.generateRESTException(vXResponse);
}
}
+
+ public boolean isGdsServiceDef(XXDBBase xxdbBase) {
+ return (xxdbBase instanceof XXServiceDef) &&
EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_GDS_NAME.equals(((XXServiceDef)
xxdbBase).getName());
+ }
+
+ public boolean isGdsService(XXDBBase xxdbBase) {
+ return (xxdbBase instanceof XXService) &&
EmbeddedServiceDefsUtil.instance().getGdsServiceDefId() == ((XXService)
xxdbBase).getType();
+ }
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index f2de83e20..d3fe7f6b9 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -27,6 +27,7 @@ import java.net.UnknownHostException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
@@ -245,6 +246,7 @@ public class ServiceDBStore extends AbstractServiceStore {
private static final String AMBARI_SERVICE_CHECK_USER =
"ambari.service.check.user";
public static final String SERVICE_ADMIN_USERS =
"service.admin.users";
public static final String SERVICE_ADMIN_GROUPS =
"service.admin.groups";
+ public static final String GDS_SERVICE_NAME = "_gds";
private static boolean isRolesDownloadedByService = false;
@@ -1720,43 +1722,6 @@ public class ServiceDBStore extends AbstractServiceStore
{
hasTagServiceValueChanged = true;
}
- boolean hasGdsServiceValueChanged = false;
- Long existingGdsServiceId = existing.getGdsService();
- String newGdsServiceName = service.getGdsService(); //
null/empty for old clients; blank string to remove existing association
- Long newGdsServiceId = null;
-
- if (StringUtils.isEmpty(newGdsServiceName)) { // old client;
don't update existing gdsService
- if (existingGdsServiceId != null) {
- newGdsServiceName =
getServiceName(existingGdsServiceId);
-
- service.setGdsService(newGdsServiceName);
-
- LOG.info("ServiceDBStore.updateService(id=" +
service.getId() + "; name=" + service.getName() + "): gdsService is null; using
existing gdsService '" + newGdsServiceName + "'");
- }
- }
-
- if (StringUtils.isNotBlank(newGdsServiceName)) {
- RangerService tmp = getServiceByName(newGdsServiceName);
-
- if (tmp == null ||
!EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_GDS_NAME.equals(tmp.getType())) {
- if (LOG.isDebugEnabled()) {
-
LOG.debug("ServiceDBStore.updateService() - " + newGdsServiceName + " does not
refer to a valid gds service.(" + service + ")");
- }
-
- throw
restErrorUtil.createRESTException("Invalid gds service name " +
newGdsServiceName, MessageEnums.ERROR_CREATING_OBJECT);
- } else {
- newGdsServiceId = tmp.getId();
- }
- }
-
- if (existingGdsServiceId == null) {
- if (newGdsServiceId != null) {
- hasGdsServiceValueChanged = true;
- }
- } else if (!existingGdsServiceId.equals(newGdsServiceId)) {
- hasGdsServiceValueChanged = true;
- }
-
boolean hasIsEnabledChanged =
!existing.getIsenabled().equals(service.getIsEnabled());
List<XXServiceConfigMap> dbConfigMaps =
daoMgr.getXXServiceConfigMap().findByServiceId(service.getId());
@@ -1774,7 +1739,7 @@ public class ServiceDBStore extends AbstractServiceStore {
service.setVersion(existing.getVersion());
service = svcService.update(service);
- if (hasTagServiceValueChanged ||
hasGdsServiceValueChanged || hasIsEnabledChanged ||
hasServiceConfigForPluginChanged) {
+ if (hasTagServiceValueChanged || hasIsEnabledChanged ||
hasServiceConfigForPluginChanged) {
updatePolicyVersion(service,
RangerPolicyDelta.CHANGE_TYPE_SERVICE_CHANGE, null,false);
}
}
@@ -2977,7 +2942,7 @@ public class ServiceDBStore extends AbstractServiceStore {
copy.setGdsPolicies(null);
}
- List<RangerPolicy> copyPolicies
= ret.getPolicies() != null ? new ArrayList<>(ret.getPolicies()) : null;
+ List<RangerPolicy> copyPolicies
= ret.getPolicies() != null ? new ArrayList<>(ret.getPolicies()) : null;
List<RangerPolicyDelta>
copyPolicyDeltas = ret.getPolicyDeltas() != null ? new
ArrayList<>(ret.getPolicyDeltas()) : null;
copy.setPolicies(copyPolicies);
@@ -3091,9 +3056,7 @@ public class ServiceDBStore extends AbstractServiceStore {
tagServiceDbObj =
daoMgr.getXXService().getById(serviceDbObj.getTagService());
}
- if (serviceDbObj.getGdsService() != null) {
- gdsServiceDbObj =
daoMgr.getXXService().getById(serviceDbObj.getGdsService());
- }
+ gdsServiceDbObj =
daoMgr.getXXService().findByName(GDS_SERVICE_NAME);
if (tagServiceDbObj != null) {
tagServiceDef =
getServiceDef(tagServiceDbObj.getType());
@@ -3120,7 +3083,7 @@ public class ServiceDBStore extends AbstractServiceStore {
ServiceDefUtil.normalizeAccessTypeDefs(gdsServiceDef,
serviceType);
- gdsServiceVersionInfoDbObj =
daoMgr.getXXServiceVersionInfo().findByServiceId(serviceDbObj.getGdsService());
+ gdsServiceVersionInfoDbObj =
daoMgr.getXXServiceVersionInfo().findByServiceName(GDS_SERVICE_NAME);
if (gdsServiceVersionInfoDbObj == null) {
LOG.warn("serviceVersionInfo does not exist.
name=" + gdsServiceDbObj.getName());
@@ -3774,7 +3737,7 @@ public class ServiceDBStore extends AbstractServiceStore {
boolean isGdsService = serviceDbObj.getType() ==
EmbeddedServiceDefsUtil.instance().getGdsServiceDefId();
if (isTagService || isGdsService) {
- List<Long> referringServiceIds = isTagService ?
serviceDao.findIdsByTagServiceId(serviceId) :
serviceDao.findIdsByGdsServiceId(serviceId);
+ List<Long> referringServiceIds = isTagService ?
serviceDao.findIdsByTagServiceId(serviceId) :
serviceDao.findIdsExcludingServiceTypes(Arrays.asList(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME,
EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_GDS_NAME));
for (Long referringServiceId : referringServiceIds) {
Runnable policyVersionUpdater = new
ServiceVersionUpdater(daoManager, referringServiceId,
VERSION_TYPE.POLICY_VERSION, policy != null ? policy.getZoneName() : null,
policyDeltaType, policy);
@@ -3853,8 +3816,6 @@ public class ServiceDBStore extends AbstractServiceStore {
serviceVersionInfoDbObj.setTagUpdateTime(now);
serviceVersionInfoDbObj.setRoleVersion(nextVersion);
serviceVersionInfoDbObj.setRoleUpdateTime(now);
-
serviceVersionInfoDbObj.setGdsVersion(nextVersion);
- serviceVersionInfoDbObj.setGdsUpdateTime(now);
serviceVersionUpdater.version = nextVersion;
serviceVersionInfoDao.create(serviceVersionInfoDbObj);
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
index 15fc1cb44..7e071ba0e 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
@@ -52,7 +52,6 @@ import org.apache.ranger.plugin.store.ServiceStore;
import org.apache.ranger.plugin.util.RangerRoles;
import org.apache.ranger.plugin.util.RangerRolesUtil;
import org.apache.ranger.service.RangerServiceService;
-import org.apache.ranger.services.gds.RangerServiceGds;
import org.apache.ranger.services.tag.RangerServiceTag;
import org.apache.ranger.view.VXMessage;
import org.apache.ranger.view.VXResponse;
@@ -87,9 +86,6 @@ public class ServiceMgr {
@Autowired
TagDBStore tagStore;
- @Autowired
- GdsDBStore gdsStore;
-
@Autowired
RoleDBStore rolesStore;
@@ -349,8 +345,6 @@ public class ServiceMgr {
if(ret instanceof RangerServiceTag) {
((RangerServiceTag)ret).setTagStore(tagStore);
- } else if (ret instanceof
RangerServiceGds) {
-
((RangerServiceGds)ret).setGdsStore(gdsStore);
}
} else {
LOG.warn("ServiceMgr.getRangerServiceByService(" + service + "): could not find
service class '"
diff --git
a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
index db0a80aef..7886a7a27 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
@@ -644,13 +644,14 @@ public class AppConstants extends RangerCommonEnums {
public static final int CLASS_TYPE_GDS_DATA_SHARE = 1064;
public static final int CLASS_TYPE_GDS_SHARED_RESOURCE = 1065;
public static final int CLASS_TYPE_GDS_DATA_SHARE_IN_DATASET = 1066;
- public static final int CLASS_TYPE_GDS_DATA_SHARE_IN_PROJECT = 1067;
- public static final int CLASS_TYPE_GDS_DATASET_IN_PROJECT = 1068;
+ public static final int CLASS_TYPE_GDS_DATASET_IN_PROJECT = 1067;
+ public static final int CLASS_TYPE_GDS_DATASET_POLICY_MAP = 1068;
+ public static final int CLASS_TYPE_GDS_PROJECT_POLICY_MAP = 1069;
/**
* Max value for enum ClassTypes_MAX
*/
- public static final int ClassTypes_MAX = 1062;
+ public static final int ClassTypes_MAX = 1069;
/***************************************************************
diff --git
a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
index 4ffde84bd..08bcfd57b 100644
---
a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
+++
b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
@@ -330,5 +330,7 @@ public abstract class RangerDaoManagerBase {
public XXGdsSharedResourceDao getXXGdsSharedResource() { return new
XXGdsSharedResourceDao(this); }
public XXGdsDataShareInDatasetDao getXXGdsDataShareInDataset() { return
new XXGdsDataShareInDatasetDao(this); }
public XXGdsDatasetInProjectDao getXXGdsDatasetInProject() { return new
XXGdsDatasetInProjectDao(this); }
+ public XXGdsDatasetPolicyMapDao getXXGdsDatasetPolicyMap() { return new
XXGdsDatasetPolicyMapDao(this); }
+ public XXGdsProjectPolicyMapDao getXXGdsProjectPolicyMap() { return new
XXGdsProjectPolicyMapDao(this); }
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/db/XXGdsDatasetPolicyMapDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXGdsDatasetPolicyMapDao.java
new file mode 100644
index 000000000..f28d3a5ec
--- /dev/null
+++
b/security-admin/src/main/java/org/apache/ranger/db/XXGdsDatasetPolicyMapDao.java
@@ -0,0 +1,85 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.db;
+
+import org.apache.ranger.common.db.BaseDao;
+import org.apache.ranger.entity.XXGdsDatasetPolicyMap;
+import org.springframework.stereotype.Service;
+
+import javax.persistence.NoResultException;
+import java.util.Collections;
+import java.util.List;
+
+
+@Service
+public class XXGdsDatasetPolicyMapDao extends BaseDao<XXGdsDatasetPolicyMap> {
+ public XXGdsDatasetPolicyMapDao(RangerDaoManagerBase daoManager) {
+ super(daoManager);
+ }
+
+ public XXGdsDatasetPolicyMap getDatasetPolicyMap(Long datasetId, Long
policyId) {
+ XXGdsDatasetPolicyMap ret = null;
+
+ if (datasetId != null && policyId != null) {
+ try {
+ ret =
getEntityManager().createNamedQuery("XXGdsDatasetPolicyMap.getDatasetPolicyMap",
tClass)
+
.setParameter("datasetId", datasetId)
+
.setParameter("policyId", policyId)
+ .getSingleResult();
+ } catch (NoResultException e) {
+ // ignore
+ }
+ }
+
+ return ret;
+ }
+
+ public List<XXGdsDatasetPolicyMap> getDatasetPolicyMaps(Long datasetId)
{
+ List<XXGdsDatasetPolicyMap> ret = Collections.emptyList();
+
+ if (datasetId != null) {
+ try {
+ ret =
getEntityManager().createNamedQuery("XXGdsDatasetPolicyMap.getDatasetPolicyMaps",
tClass)
+
.setParameter("datasetId", datasetId)
+ .getResultList();
+ } catch (NoResultException e) {
+ // ignore
+ }
+ }
+
+ return ret;
+ }
+
+ public List<Long> getDatasetPolicyIds(Long datasetId) {
+ List<Long> ret = Collections.emptyList();
+
+ if (datasetId != null) {
+ try {
+ ret =
getEntityManager().createNamedQuery("XXGdsDatasetPolicyMap.getDatasetPolicyIds",
Long.class)
+
.setParameter("datasetId", datasetId)
+ .getResultList();
+ } catch (NoResultException e) {
+ // ignore
+ }
+ }
+
+ return ret;
+ }
+}
diff --git
a/security-admin/src/main/java/org/apache/ranger/db/XXGdsProjectPolicyMapDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXGdsProjectPolicyMapDao.java
new file mode 100644
index 000000000..4cfd03db2
--- /dev/null
+++
b/security-admin/src/main/java/org/apache/ranger/db/XXGdsProjectPolicyMapDao.java
@@ -0,0 +1,85 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.db;
+
+import org.apache.ranger.common.db.BaseDao;
+import org.apache.ranger.entity.XXGdsProjectPolicyMap;
+import org.springframework.stereotype.Service;
+
+import javax.persistence.NoResultException;
+import java.util.Collections;
+import java.util.List;
+
+
+@Service
+public class XXGdsProjectPolicyMapDao extends BaseDao<XXGdsProjectPolicyMap> {
+ public XXGdsProjectPolicyMapDao(RangerDaoManagerBase daoManager) {
+ super(daoManager);
+ }
+
+ public XXGdsProjectPolicyMap getProjectPolicyMap(Long projectId, Long
policyId) {
+ XXGdsProjectPolicyMap ret = null;
+
+ if (projectId != null && policyId != null) {
+ try {
+ ret =
getEntityManager().createNamedQuery("XXGdsProjectPolicyMap.getProjectPolicyMap",
tClass)
+
.setParameter("projectId", projectId)
+
.setParameter("policyId", policyId)
+ .getSingleResult();
+ } catch (NoResultException e) {
+ // ignore
+ }
+ }
+
+ return ret;
+ }
+
+ public List<XXGdsProjectPolicyMap> getProjectPolicyMaps(Long projectId)
{
+ List<XXGdsProjectPolicyMap> ret = Collections.emptyList();
+
+ if (projectId != null) {
+ try {
+ ret =
getEntityManager().createNamedQuery("XXGdsProjectPolicyMap.getProjectPolicyMaps",
tClass)
+
.setParameter("projectId", projectId)
+ .getResultList();
+ } catch (NoResultException e) {
+ // ignore
+ }
+ }
+
+ return ret;
+ }
+
+ public List<Long> getProjectPolicyIds(Long projectId) {
+ List<Long> ret = Collections.emptyList();
+
+ if (projectId != null) {
+ try {
+ ret =
getEntityManager().createNamedQuery("XXGdsProjectPolicyMap.getProjectPolicyIds",
Long.class)
+
.setParameter("projectId", projectId)
+ .getResultList();
+ } catch (NoResultException e) {
+ // ignore
+ }
+ }
+
+ return ret;
+ }
+}
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
index 9ff7f0a68..c65b961fc 100755
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
@@ -434,4 +434,37 @@ public class XXPolicyDao extends BaseDao<XXPolicy> {
return ret;
}
+
+ public XXPolicy getProjectPolicy(Long projectId, Long policyId) {
+ XXPolicy ret = null;
+
+ if (projectId != null && policyId != null) {
+ try {
+ ret =
getEntityManager().createNamedQuery("XXPolicy.getProjectPolicy", tClass)
+
.setParameter("projectId", projectId)
+
.setParameter("policyId", policyId)
+ .getSingleResult();
+ } catch (NoResultException e) {
+ // ignore
+ }
+ }
+
+ return ret;
+ }
+
+ public List<XXPolicy> getProjectPolicies(Long projectId) {
+ List<XXPolicy> ret = Collections.emptyList();
+
+ if (projectId != null) {
+ try {
+ ret =
getEntityManager().createNamedQuery("XXPolicy.getProjectPolicies", tClass)
+
.setParameter("projectId", projectId)
+ .getResultList();
+ } catch (NoResultException e) {
+ // ignore
+ }
+ }
+
+ return ret;
+ }
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java
b/security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java
index efe7d4bcc..c0f9d5c4e 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java
@@ -126,19 +126,6 @@ public class XXServiceDao extends BaseDao<XXService> {
return ret != null ? ret : Collections.emptyList();
}
- public List<Long> findIdsByGdsServiceId(Long gdsServiceId) {
- List<Long> ret = null;
-
- try {
- ret =
getEntityManager().createNamedQuery("XXService.findIdsByGdsServiceId",
Long.class)
- .setParameter("gdsServiceId",
gdsServiceId).getResultList();
- } catch (NoResultException e) {
- // ignre
- }
-
- return ret != null ? ret : Collections.emptyList();
- }
-
public XXService findAssociatedTagService(String serviceName) {
try {
return
getEntityManager().createNamedQuery("XXService.findAssociatedTagService",
tClass)
@@ -167,6 +154,16 @@ public class XXServiceDao extends BaseDao<XXService> {
updateSequence("X_SERVICE_SEQ", maxId + 1);
}
+ public List<Long> findIdsExcludingServiceTypes(List<String>
excludedServiceTypes) {
+ try {
+ return
getEntityManager().createNamedQuery("XXService.findIdsExcludingServiceTypes",
Long.class)
+ .setParameter("excludedServiceTypes",
excludedServiceTypes)
+ .getResultList();
+ } catch (NoResultException e) {
+ return new ArrayList<>();
+ }
+ }
+
public List<Long> getAllServiceIds() {
try {
return
getEntityManager().createNamedQuery("XXService.getAllServiceIds", Long.class)
diff --git
a/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDatasetPolicyMap.java
b/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDatasetPolicyMap.java
new file mode 100644
index 000000000..2d79c94c3
--- /dev/null
+++
b/security-admin/src/main/java/org/apache/ranger/entity/XXGdsDatasetPolicyMap.java
@@ -0,0 +1,106 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.entity;
+
+import org.apache.ranger.common.AppConstants;
+
+import javax.persistence.*;
+import javax.xml.bind.annotation.XmlRootElement;
+import java.io.Serializable;
+import java.util.Objects;
+
+@Entity
+@Cacheable
+@Table(name="x_gds_dataset_policy_map")
+@XmlRootElement
+public class XXGdsDatasetPolicyMap implements Serializable {
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @SequenceGenerator(name = "X_GDS_DATASET_POLICY_MAP_SEQ", sequenceName =
"X_GDS_DATASET_POLICY_MAP_SEQ", allocationSize = 1)
+ @GeneratedValue(strategy = GenerationType.AUTO, generator =
"X_GDS_DATASET_POLICY_MAP_SEQ")
+ @Column(name = "id")
+ protected Long id;
+
+ @Column(name = "dataset_id")
+ protected Long datasetId;
+
+ @Column(name = "policy_id")
+ protected Long policyId;
+
+ public XXGdsDatasetPolicyMap() { }
+
+ public XXGdsDatasetPolicyMap(Long datasetId, Long policyId) {
+ setDatasetId(datasetId);
+ setPolicyId(policyId);
+ }
+
+ public void setId(Long id) { this.id = id; }
+
+ public Long getId() { return id; }
+
+ public Long getDatasetId() { return datasetId; }
+
+ public void setDatasetId(Long datasetId) { this.datasetId = datasetId; }
+
+ public Long getPolicyId() { return policyId; }
+
+ public void setPolicyId(Long policyId) { this.policyId = policyId; }
+
+ public int getMyClassType() { return
AppConstants.CLASS_TYPE_GDS_DATASET_POLICY_MAP; }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(id, datasetId, policyId);
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ } else if (getClass() != obj.getClass()) {
+ return false;
+ } else if (!super.equals(obj)) {
+ return false;
+ }
+
+ XXGdsDatasetPolicyMap other = (XXGdsDatasetPolicyMap) obj;
+
+ return Objects.equals(id, other.id) &&
+ Objects.equals(datasetId, other.datasetId) &&
+ Objects.equals(policyId, other.policyId);
+ }
+
+ @Override
+ public String toString() {
+ return toString(new StringBuilder()).toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("XXGdsDatasetPolicyMap={ ")
+ .append(super.toString() + "} ")
+ .append("id={").append(id).append("} ")
+ .append("datasetId={").append(datasetId).append("} ")
+ .append("policyId={").append(policyId).append("} ")
+ .append(" }");
+
+ return sb;
+ }
+}
diff --git
a/security-admin/src/main/java/org/apache/ranger/entity/XXGdsProjectPolicyMap.java
b/security-admin/src/main/java/org/apache/ranger/entity/XXGdsProjectPolicyMap.java
new file mode 100644
index 000000000..e7f1358ad
--- /dev/null
+++
b/security-admin/src/main/java/org/apache/ranger/entity/XXGdsProjectPolicyMap.java
@@ -0,0 +1,106 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.entity;
+
+import org.apache.ranger.common.AppConstants;
+
+import javax.persistence.*;
+import javax.xml.bind.annotation.XmlRootElement;
+import java.io.Serializable;
+import java.util.Objects;
+
+@Entity
+@Cacheable
+@Table(name="x_gds_project_policy_map")
+@XmlRootElement
+public class XXGdsProjectPolicyMap implements Serializable {
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @SequenceGenerator(name = "X_GDS_PROJECT_POLICY_MAP_SEQ", sequenceName =
"X_GDS_PROJECT_POLICY_MAP_SEQ", allocationSize = 1)
+ @GeneratedValue(strategy = GenerationType.AUTO, generator =
"X_GDS_PROJECT_POLICY_MAP_SEQ")
+ @Column(name = "id")
+ protected Long id;
+
+ @Column(name = "project_id")
+ protected Long projectId;
+
+ @Column(name = "policy_id")
+ protected Long policyId;
+
+ public XXGdsProjectPolicyMap() { }
+
+ public XXGdsProjectPolicyMap(Long projectId, Long policyId) {
+ setProjectId(projectId);
+ setPolicyId(policyId);
+ }
+
+ public void setId(Long id) { this.id = id; }
+
+ public Long getId() { return id; }
+
+ public Long getProjectId() { return projectId; }
+
+ public void setProjectId(Long projectId) { this.projectId = projectId; }
+
+ public Long getPolicyId() { return policyId; }
+
+ public void setPolicyId(Long policyId) { this.policyId = policyId; }
+
+ public int getMyClassType() { return
AppConstants.CLASS_TYPE_GDS_PROJECT_POLICY_MAP; }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(id, projectId, policyId);
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ } else if (getClass() != obj.getClass()) {
+ return false;
+ } else if (!super.equals(obj)) {
+ return false;
+ }
+
+ XXGdsProjectPolicyMap other = (XXGdsProjectPolicyMap) obj;
+
+ return Objects.equals(id, other.id) &&
+ Objects.equals(projectId, other.projectId) &&
+ Objects.equals(policyId, other.policyId);
+ }
+
+ @Override
+ public String toString() {
+ return toString(new StringBuilder()).toString();
+ }
+
+ public StringBuilder toString(StringBuilder sb) {
+ sb.append("XXGdsProjectPolicyMap={ ")
+ .append(super.toString() + "} ")
+ .append("id={").append(id).append("} ")
+ .append("projectId={").append(projectId).append("} ")
+ .append("policyId={").append(policyId).append("} ")
+ .append(" }");
+
+ return sb;
+ }
+}
diff --git
a/security-admin/src/main/java/org/apache/ranger/entity/XXServiceBase.java
b/security-admin/src/main/java/org/apache/ranger/entity/XXServiceBase.java
index 682e66dd8..2abc391fe 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXServiceBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXServiceBase.java
@@ -85,9 +85,6 @@ public abstract class XXServiceBase extends XXDBBase {
@Column(name = "tag_service")
protected Long tagService;
- @Column(name = "gds_service")
- protected Long gdsService;
-
/**
* policyVersion of the XXService
* <ul>
@@ -246,24 +243,6 @@ public abstract class XXServiceBase extends XXDBBase {
return this.tagService;
}
- /**
- * This method sets the value to the member attribute <b>
gdsService</b> .
- *
- * @param gdsService - Value to set member attribute <b> gdsService</b>
- */
- public void setGdsService(Long gdsService) {
- this.gdsService = gdsService;
- }
-
- /**
- * Returns the value for the member attribute <b>gdsService</b>
- *
- * @return Long - value of member attribute <b>gdsService</b> .
- */
- public Long getGdsService() {
- return this.gdsService;
- }
-
/**
* This method sets the value to the member attribute <b>
policyVersion</b>
* . You cannot set null to the attribute.
@@ -409,7 +388,6 @@ public abstract class XXServiceBase extends XXDBBase {
Objects.equals(tagService, other.tagService)
&&
Objects.equals(tagVersion, other.tagVersion)
&&
Objects.equals(tagUpdateTime,
other.tagUpdateTime) &&
- Objects.equals(gdsService, other.gdsService)
&&
Objects.equals(type, other.type) &&
Objects.equals(version, other.version) &&
Objects.equals(guid, other.guid);
@@ -426,7 +404,7 @@ public abstract class XXServiceBase extends XXDBBase {
@Override
public String toString() {
return "XXServiceBase [" + super.toString() + " guid=" + guid +
", version=" + version + ", type=" + type
- + ", name=" + name +", displayName=" +
displayName + ", tagService=" + tagService + ", gdsService=" + gdsService + ",
policyVersion=" + policyVersion + ", policyUpdateTime=" + policyUpdateTime
+ + ", name=" + name +", displayName=" +
displayName + ", tagService=" + tagService + ", policyVersion=" + policyVersion
+ ", policyUpdateTime=" + policyUpdateTime
+ ", tagVersion=" + tagVersion + ",
tagUpdateTime=" + tagUpdateTime
+ ", description=" + description + ",
isEnabled=" + isEnabled + "]";
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/entity/XXServiceVersionInfo.java
b/security-admin/src/main/java/org/apache/ranger/entity/XXServiceVersionInfo.java
index 54fe0f5b7..04f030b35 100644
---
a/security-admin/src/main/java/org/apache/ranger/entity/XXServiceVersionInfo.java
+++
b/security-admin/src/main/java/org/apache/ranger/entity/XXServiceVersionInfo.java
@@ -76,13 +76,6 @@ public class XXServiceVersionInfo implements
java.io.Serializable {
@Column(name="role_update_time" )
protected Date roleUpdateTime = DateUtil.getUTCDate();
- @Column(name = "gds_version")
- protected Long gdsVersion;
-
- @Temporal(TemporalType.TIMESTAMP)
- @Column(name = "gds_update_time")
- protected Date gdsUpdateTime;
-
@Version
@Column(name = "version")
protected Long version;
@@ -173,22 +166,6 @@ public class XXServiceVersionInfo implements
java.io.Serializable {
return this.roleUpdateTime;
}
- public void setGdsVersion(Long gdsVersion) {
- this.gdsVersion = gdsVersion;
- }
-
- public Long getGdsVersion() {
- return this.gdsVersion;
- }
-
- public void setGdsUpdateTime(Date gdsUpdateTime) {
- this.gdsUpdateTime = gdsUpdateTime;
- }
-
- public Date getGdsUpdateTime() {
- return this.gdsUpdateTime;
- }
-
/**
* This return the bean content in string format
* @return formatedStr
@@ -205,8 +182,6 @@ public class XXServiceVersionInfo implements
java.io.Serializable {
str += "tagUpdateTime={" + tagUpdateTime + "} ";
str += "setRoleVersion={" + roleVersion + "}" ;
str += "setRoleUpdateTime={" + roleUpdateTime + "}" ;
- str += "gdsVersion={" + gdsVersion + "}" ;
- str += "gdsUpdateTime={" + gdsUpdateTime + "}" ;
str += "}";
return str;
}
@@ -235,9 +210,7 @@ public class XXServiceVersionInfo implements
java.io.Serializable {
Objects.equals(tagVersion, other.tagVersion)
&&
Objects.equals(tagUpdateTime,
other.tagUpdateTime) &&
Objects.equals(roleVersion,
other.roleVersion) &&
- Objects.equals(roleUpdateTime,
other.roleUpdateTime) &&
- Objects.equals(gdsVersion, other.gdsVersion)
&&
- Objects.equals(gdsUpdateTime,
other.gdsUpdateTime);
+ Objects.equals(roleUpdateTime,
other.roleUpdateTime);
}
return ret;
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java
index f827c754d..b7ef9b86a 100755
--- a/security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/GdsREST.java
@@ -23,18 +23,24 @@ import org.apache.commons.lang.StringUtils;
import org.apache.ranger.biz.GdsDBStore;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerSearchUtil;
+import
org.apache.ranger.plugin.model.RangerDatasetHeader.RangerDatasetHeaderInfo;
import org.apache.ranger.plugin.model.RangerGds.RangerDataset;
import org.apache.ranger.plugin.model.RangerGds.RangerDatasetInProject;
import org.apache.ranger.plugin.model.RangerGds.RangerDataShareInDataset;
import org.apache.ranger.plugin.model.RangerGds.RangerDataShare;
import org.apache.ranger.plugin.model.RangerGds.RangerProject;
import org.apache.ranger.plugin.model.RangerGds.RangerSharedResource;
+import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.store.PList;
import org.apache.ranger.plugin.util.RangerPerfTracer;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.security.context.RangerAPIList;
+import org.apache.ranger.service.RangerGdsDatasetInProjectService;
+import org.apache.ranger.service.RangerGdsDataShareInDatasetService;
+import org.apache.ranger.service.RangerGdsDataShareService;
import org.apache.ranger.service.RangerGdsDatasetService;
-import
org.apache.ranger.plugin.model.RangerDatasetHeader.RangerDatasetHeaderInfo;
+import org.apache.ranger.service.RangerGdsProjectService;
+import org.apache.ranger.service.RangerGdsSharedResourceService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -48,6 +54,7 @@ import
org.springframework.transaction.annotation.Transactional;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.*;
import javax.ws.rs.core.Context;
+import java.util.List;
@Path("gds")
@Component
@@ -63,6 +70,21 @@ public class GdsREST {
@Autowired
RangerGdsDatasetService datasetService;
+ @Autowired
+ RangerGdsProjectService projectService;
+
+ @Autowired
+ RangerGdsDataShareService dataShareService;
+
+ @Autowired
+ RangerGdsSharedResourceService sharedResourceService;
+
+ @Autowired
+ RangerGdsDataShareInDatasetService dshidService;
+
+ @Autowired
+ RangerGdsDatasetInProjectService dipService;
+
@Autowired
RangerSearchUtil searchUtil;
@@ -245,7 +267,7 @@ public class GdsREST {
try {
if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
- perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"GdsREST.searchDatasets()");
+ perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"GdsREST.listDatasetNames()");
}
filter = searchUtil.getSearchFilter(request,
datasetService.sortFields);
@@ -279,10 +301,8 @@ public class GdsREST {
SearchFilter filter = searchUtil.getSearchFilter(request,
datasetService.sortFields);
ret = gdsStore.getDatasetHeaders(filter);
- } catch (WebApplicationException we) {
- LOG.error("getDatasets() failed", we);
-
- throw restErrorUtil.createRESTException(we.getMessage());
+ } catch (WebApplicationException excp) {
+ throw excp;
} catch (Throwable ex) {
LOG.error("getDatasets() failed", ex);
@@ -294,6 +314,142 @@ public class GdsREST {
return ret;
}
+ @POST
+ @Path(("/dataset/{id}/policy"))
+ @Consumes({ "application/json" })
+ @Produces({ "application/json" })
+ @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" +
RangerAPIList.DATASET_POLICY + "\")")
+ public RangerPolicy addDatasetPolicy(@PathParam("id") Long datasetId,
RangerPolicy policy) {
+ LOG.debug("==> GdsREST.addDatasetPolicy({}, {})", datasetId, policy);
+
+ RangerPolicy ret;
+ RangerPerfTracer perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"GdsREST.addDatasetPolicy()");
+
+ try {
+ ret = gdsStore.addDatasetPolicy(datasetId, policy);
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("addDatasetPolicy({}) failed", datasetId, excp);
+
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ } finally {
+ RangerPerfTracer.log(perf);
+ }
+
+ LOG.debug("<== GdsREST.addDatasetPolicy({}, {}): ret={}", datasetId,
policy, ret);
+
+ return ret;
+ }
+
+ @PUT
+ @Path(("/dataset/{id}/policy/{policyId}"))
+ @Consumes({ "application/json" })
+ @Produces({ "application/json" })
+ @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" +
RangerAPIList.DATASET_POLICY + "\")")
+ public RangerPolicy updateDatasetPolicy(@PathParam("id") Long datasetId,
@PathParam("policyId") Long policyId, RangerPolicy policy) {
+ LOG.debug("==> GdsREST.updateDatasetPolicy({}, {})", datasetId,
policy);
+
+ RangerPolicy ret;
+ RangerPerfTracer perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"GdsREST.updateDatasetPolicy()");
+
+ try {
+ policy.setId(policyId);
+ ret = gdsStore.updateDatasetPolicy(datasetId, policy);
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("updateDatasetPolicy({}) failed", datasetId, excp);
+
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ } finally {
+ RangerPerfTracer.log(perf);
+ }
+
+ LOG.debug("<== GdsREST.updateDatasetPolicy({}, {}): ret={}",
datasetId, policy, ret);
+
+ return ret;
+ }
+
+ @DELETE
+ @Path(("/dataset/{id}/policy/{policyId}"))
+ @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" +
RangerAPIList.DATASET_POLICY + "\")")
+ public void deleteDatasetPolicy(@PathParam("id") Long datasetId,
@PathParam("policyId") Long policyId) {
+ LOG.debug("==> GdsREST.deleteDatasetPolicy({}, {})", datasetId,
policyId);
+
+ RangerPerfTracer perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"GdsREST.deleteDatasetPolicy()");
+
+ try {
+ gdsStore.deleteDatasetPolicy(datasetId, policyId);
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("deleteDatasetPolicy({}, {}) failed", datasetId,
policyId, excp);
+
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ } finally {
+ RangerPerfTracer.log(perf);
+ }
+
+ LOG.debug("<== GdsREST.deleteDatasetPolicy({}, {})", datasetId,
policyId);
+ }
+
+ @GET
+ @Path(("/dataset/{id}/policy/{policyId}"))
+ @Consumes({ "application/json" })
+ @Produces({ "application/json" })
+ @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" +
RangerAPIList.DATASET_POLICY + "\")")
+ public RangerPolicy getDatasetPolicy(@PathParam("id") Long datasetId,
@PathParam("policyId") Long policyId) {
+ LOG.debug("==> GdsREST.getDatasetPolicy({}, {})", datasetId, policyId);
+
+ RangerPolicy ret;
+ RangerPerfTracer perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"GdsREST.getDatasetPolicy()");
+
+ try {
+ ret = gdsStore.getDatasetPolicy(datasetId, policyId);
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("getDatasetPolicy({}, {}) failed", datasetId, policyId,
excp);
+
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ } finally {
+ RangerPerfTracer.log(perf);
+ }
+
+ LOG.debug("<== GdsREST.getDatasetPolicy({}, {}): ret={}", datasetId,
policyId, ret);
+
+ return ret;
+ }
+
+ @GET
+ @Path(("/dataset/{id}/policy"))
+ @Consumes({ "application/json" })
+ @Produces({ "application/json" })
+ @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" +
RangerAPIList.DATASET_POLICY + "\")")
+ public List<RangerPolicy> getDatasetPolicies(@PathParam("id") Long
datasetId, @Context HttpServletRequest request) {
+ LOG.debug("==> GdsREST.getDatasetPolicies({})", datasetId);
+
+ List<RangerPolicy> ret;
+ RangerPerfTracer perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"GdsREST.getDatasetPolicies()");
+
+ try {
+ ret = gdsStore.getDatasetPolicies(datasetId);
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("getDatasetPolicies({}) failed", datasetId, excp);
+
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ } finally {
+ RangerPerfTracer.log(perf);
+ }
+
+ LOG.debug("<== GdsREST.getDatasetPolicies({}): ret={}", datasetId,
ret);
+
+ return ret;
+ }
+
@POST
@Path("/project")
@Consumes({ "application/json" })
@@ -438,7 +594,7 @@ public class GdsREST {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"GdsREST.searchProjects()");
}
- filter = searchUtil.getSearchFilter(request,
datasetService.sortFields);
+ filter = searchUtil.getSearchFilter(request,
projectService.sortFields);
ret = gdsStore.searchProjects(filter);
} catch(WebApplicationException excp) {
@@ -472,7 +628,7 @@ public class GdsREST {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"GdsREST.searchProjects()");
}
- filter = searchUtil.getSearchFilter(request,
datasetService.sortFields);
+ filter = searchUtil.getSearchFilter(request,
projectService.sortFields);
ret = gdsStore.getProjectNames(filter);
} catch(WebApplicationException excp) {
@@ -490,6 +646,142 @@ public class GdsREST {
return ret;
}
+ @POST
+ @Path(("/project/{id}/policy"))
+ @Consumes({ "application/json" })
+ @Produces({ "application/json" })
+ @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" +
RangerAPIList.PROJECT_POLICY + "\")")
+ public RangerPolicy addProjectPolicy(@PathParam("id") Long projectId,
RangerPolicy policy) {
+ LOG.debug("==> GdsREST.addProjectPolicy({}, {})", projectId, policy);
+
+ RangerPolicy ret;
+ RangerPerfTracer perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"GdsREST.addProjectPolicy()");
+
+ try {
+ ret = gdsStore.addProjectPolicy(projectId, policy);
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("addProjectPolicy({}) failed", projectId, excp);
+
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ } finally {
+ RangerPerfTracer.log(perf);
+ }
+
+ LOG.debug("<== GdsREST.addProjectPolicy({}, {}): ret={}", projectId,
policy, ret);
+
+ return ret;
+ }
+
+ @PUT
+ @Path(("/project/{id}/policy/{policyId}"))
+ @Consumes({ "application/json" })
+ @Produces({ "application/json" })
+ @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" +
RangerAPIList.PROJECT_POLICY + "\")")
+ public RangerPolicy updateProjectPolicy(@PathParam("id") Long projectId,
@PathParam("policyId") Long policyId, RangerPolicy policy) {
+ LOG.debug("==> GdsREST.updateProjectPolicy({}, {})", projectId,
policy);
+
+ RangerPolicy ret;
+ RangerPerfTracer perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"GdsREST.updateProjectPolicy()");
+
+ try {
+ policy.setId(policyId);
+ ret = gdsStore.updateProjectPolicy(projectId, policy);
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("updateProjectPolicy({}) failed", projectId, excp);
+
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ } finally {
+ RangerPerfTracer.log(perf);
+ }
+
+ LOG.debug("<== GdsREST.updateProjectPolicy({}, {}): ret={}",
projectId, policy, ret);
+
+ return ret;
+ }
+
+ @DELETE
+ @Path(("/project/{id}/policy/{policyId}"))
+ @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" +
RangerAPIList.PROJECT_POLICY + "\")")
+ public void deleteProjectPolicy(@PathParam("id") Long projectId,
@PathParam("policyId") Long policyId) {
+ LOG.debug("==> GdsREST.deleteProjectPolicy({}, {})", projectId,
policyId);
+
+ RangerPerfTracer perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"GdsREST.deleteProjectPolicy()");
+
+ try {
+ gdsStore.deleteProjectPolicy(projectId, policyId);
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("deleteProjectPolicy({}, {}) failed", projectId,
policyId, excp);
+
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ } finally {
+ RangerPerfTracer.log(perf);
+ }
+
+ LOG.debug("<== GdsREST.deleteProjectPolicy({}, {})", projectId,
policyId);
+ }
+
+ @GET
+ @Path(("/project/{id}/policy/{policyId}"))
+ @Consumes({ "application/json" })
+ @Produces({ "application/json" })
+ @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" +
RangerAPIList.PROJECT_POLICY + "\")")
+ public RangerPolicy getProjectPolicy(@PathParam("id") Long projectId,
@PathParam("policyId") Long policyId) {
+ LOG.debug("==> GdsREST.getProjectPolicy({}, {})", projectId, policyId);
+
+ RangerPolicy ret;
+ RangerPerfTracer perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"GdsREST.getProjectPolicy()");
+
+ try {
+ ret = gdsStore.getProjectPolicy(projectId, policyId);
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("getProjectPolicy({}, {}) failed", projectId, policyId,
excp);
+
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ } finally {
+ RangerPerfTracer.log(perf);
+ }
+
+ LOG.debug("<== GdsREST.getProjectPolicy({}, {}): ret={}", projectId,
policyId, ret);
+
+ return ret;
+ }
+
+ @GET
+ @Path(("/project/{id}/policy"))
+ @Consumes({ "application/json" })
+ @Produces({ "application/json" })
+ @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" +
RangerAPIList.PROJECT_POLICY + "\")")
+ public List<RangerPolicy> getProjectPolicies(@PathParam("id") Long
projectId, @Context HttpServletRequest request) {
+ LOG.debug("==> GdsREST.getProjectPolicies({})", projectId);
+
+ List<RangerPolicy> ret;
+ RangerPerfTracer perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"GdsREST.getProjectPolicies()");
+
+ try {
+ ret = gdsStore.getProjectPolicies(projectId);
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("getProjectPolicies({}) failed", projectId, excp);
+
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ } finally {
+ RangerPerfTracer.log(perf);
+ }
+
+ LOG.debug("<== GdsREST.getProjectPolicies({}): ret={}", projectId,
ret);
+
+ return ret;
+ }
+
@POST
@Path("/datashare")
@Consumes({ "application/json" })
@@ -637,7 +929,7 @@ public class GdsREST {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"GdsREST.searchDataShares()");
}
- filter = searchUtil.getSearchFilter(request,
datasetService.sortFields);
+ filter = searchUtil.getSearchFilter(request,
dataShareService.sortFields);
ret = gdsStore.searchDataShares(filter);
} catch(WebApplicationException excp) {
@@ -799,7 +1091,7 @@ public class GdsREST {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"GdsREST.searchSharedResources()");
}
- filter = searchUtil.getSearchFilter(request,
datasetService.sortFields);
+ filter = searchUtil.getSearchFilter(request,
sharedResourceService.sortFields);
ret = gdsStore.searchSharedResources(filter);
} catch(WebApplicationException excp) {
@@ -958,7 +1250,7 @@ public class GdsREST {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"GdsREST.searchDataShareInDatasets()");
}
- filter = searchUtil.getSearchFilter(request,
datasetService.sortFields);
+ filter = searchUtil.getSearchFilter(request,
dshidService.sortFields);
ret = gdsStore.searchDataShareInDatasets(filter);
} catch(WebApplicationException excp) {
@@ -1118,7 +1410,7 @@ public class GdsREST {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"GdsREST.searchDatasetInProjects()");
}
- filter = searchUtil.getSearchFilter(request,
datasetService.sortFields);
+ filter = searchUtil.getSearchFilter(request,
dipService.sortFields);
ret = gdsStore.searchDatasetInProjects(filter);
} catch(WebApplicationException excp) {
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 28ab36bad..76e38241f 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -160,6 +160,8 @@ import com.google.gson.JsonSyntaxException;
import com.sun.jersey.core.header.FormDataContentDisposition;
import com.sun.jersey.multipart.FormDataParam;
+import static
org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_GDS_NAME;
+
@Path("plugins")
@Component
@@ -779,7 +781,7 @@ public class ServiceREST {
String serviceType = xxServiceDef != null ?
xxServiceDef.getName() : null;
if
(!StringUtils.equals(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME,
serviceType) &&
-
!StringUtils.equals(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_GDS_NAME,
serviceType) &&
+
!StringUtils.equals(EMBEDDED_SERVICEDEF_GDS_NAME, serviceType) &&
!StringUtils.equals(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_KMS_NAME ,
serviceType)) {
createOrGetLinkedServices(service);
}
@@ -1270,6 +1272,7 @@ public class ServiceREST {
if(policyUpdated) {
policy.setZoneName(zoneName);
+
ensureAdminAccess(policy);
svcStore.updatePolicy(policy);
} else {
LOG.error("processGrantRequest processing failed");
@@ -1310,6 +1313,7 @@ public class ServiceREST {
policy.getPolicyItems().add(policyItem);
policy.setZoneName(zoneName);
+ ensureAdminAccess(policy);
svcStore.createPolicy(policy);
}
} catch(WebApplicationException excp) {
@@ -1342,6 +1346,7 @@ public class ServiceREST {
}
RESTResponse ret = new RESTResponse();
RangerPerfTracer perf = null;
+
bizUtil.blockAuditorRoleUser();
if(grantRequest != null) {
@@ -1387,6 +1392,9 @@ public class ServiceREST {
if(policyUpdated) {
policy.setZoneName(zoneName);
+
+
ensureAdminAccess(policy);
+
svcStore.updatePolicy(policy);
} else {
LOG.error("processSecureGrantRequest processing failed");
@@ -1427,6 +1435,8 @@ public class ServiceREST {
policy.getPolicyItems().add(policyItem);
policy.setZoneName(zoneName);
+
ensureAdminAccess(policy);
+
svcStore.createPolicy(policy);
}
}else{
@@ -1463,6 +1473,7 @@ public class ServiceREST {
RESTResponse ret = new RESTResponse();
RangerPerfTracer perf = null;
+
if(revokeRequest!=null){
if
(serviceUtil.isValidateHttpsAuthentication(serviceName,request)) {
@@ -1508,6 +1519,9 @@ public class ServiceREST {
if(policyUpdated) {
policy.setZoneName(zoneName);
+
+
ensureAdminAccess(policy);
+
svcStore.updatePolicy(policy);
} else {
LOG.error("processRevokeRequest processing failed");
@@ -1544,6 +1558,7 @@ public class ServiceREST {
}
RESTResponse ret = new RESTResponse();
RangerPerfTracer perf = null;
+
bizUtil.blockAuditorRoleUser();
if (revokeRequest != null) {
@@ -1590,6 +1605,9 @@ public class ServiceREST {
if(policyUpdated) {
policy.setZoneName(zoneName);
+
+
ensureAdminAccess(policy);
+
svcStore.updatePolicy(policy);
} else {
LOG.error("processSecureRevokeRequest processing failed");
@@ -1634,6 +1652,7 @@ public class ServiceREST {
if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"ServiceREST.createPolicy(policyName=" + policy.getName() + ")");
}
+
if(request != null) {
boolean
deleteIfExists=("true".equalsIgnoreCase(StringUtils.trimToEmpty(request.getParameter(PARAM_DELETE_IF_EXISTS))))
? true : false ;
if(deleteIfExists) {
@@ -1713,7 +1732,6 @@ public class ServiceREST {
RangerPolicy ret = null;
if (policy != null &&
StringUtils.isNotBlank(policy.getService())) {
-
try {
final RangerPolicy existingPolicy;
@@ -1821,7 +1839,8 @@ public class ServiceREST {
validator.validate(policy, Action.UPDATE,
bizUtil.isAdmin() || isServiceAdmin(policy.getService()) ||
isZoneAdmin(policy.getZoneName()));
ensureAdminAccess(policy);
- bizUtil.blockAuditorRoleUser();
+ bizUtil.blockAuditorRoleUser();
+
ret = svcStore.updatePolicy(policy);
} catch(WebApplicationException excp) {
throw excp;
@@ -3665,6 +3684,8 @@ public class ServiceREST {
}
void ensureAdminAccess(RangerPolicy policy) {
+ blockIfGdsService(policy.getService());
+
boolean isAdmin = bizUtil.isAdmin();
boolean isKeyAdmin = bizUtil.isKeyAdmin();
String userName = bizUtil.getCurrentUserLoginId();
@@ -3709,6 +3730,14 @@ public class ServiceREST {
}
}
+ public void blockIfGdsService(String serviceName) {
+ String serviceType =
daoManager.getXXServiceDef().findServiceDefTypeByServiceName(serviceName);
+
+ if (EMBEDDED_SERVICEDEF_GDS_NAME.equals(serviceType)) {
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
EMBEDDED_SERVICEDEF_GDS_NAME.toUpperCase() + " policies can't be managed via
this API", true);
+ }
+ }
+
private RangerPolicyEngineOptions
getDelegatedAdminPolicyEngineOptions() {
RangerPolicyEngineOptions opts = new
RangerPolicyEngineOptions();
@@ -4265,20 +4294,20 @@ public class ServiceREST {
}
};
- Runnable createAndLinkGdsServiceTask = new Runnable() {
+ Runnable createGdsServiceTask = new Runnable() {
@Override
public void run() {
- final LinkedServiceCreator creator = new
LinkedServiceCreator(resourceService.getName(),
EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_GDS_NAME);
+ final LinkedServiceCreator creator = new
LinkedServiceCreator(resourceService.getName(), EMBEDDED_SERVICEDEF_GDS_NAME,
ServiceDBStore.GDS_SERVICE_NAME, true, false);
creator.doCreateAndLinkService();
}
};
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(createAndLinkTagServiceTask);
-
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(createAndLinkGdsServiceTask);
+
rangerTransactionSynchronizationAdapter.executeOnTransactionCommit(createGdsServiceTask);
if (LOG.isDebugEnabled()) {
- LOG.debug("<== createOrGetTagService(resourceService="
+ resourceService.getName() + ")");
+ LOG.debug("<==
createOrGetLinkedServices(resourceService=" + resourceService.getName() + ")");
}
}
@@ -4299,6 +4328,14 @@ public class ServiceREST {
this.isAutoLink = config.getBoolean("ranger."
+ linkedServiceType + "service.auto.link", true);
}
+ LinkedServiceCreator(@Nonnull String resourceServiceName,
@Nonnull String linkedServiceType, String linkedServiceName, boolean
autoCreate, boolean autoLink) {
+ this.resourceServiceName = resourceServiceName;
+ this.linkedServiceType = linkedServiceType;
+ this.linkedServiceName = linkedServiceName;
+ this.isAutoCreate = autoCreate;
+ this.isAutoLink = autoLink;
+ }
+
void doCreateAndLinkService() {
if (LOG.isDebugEnabled()) {
LOG.debug("==> doCreateAndLinkService()");
@@ -4379,16 +4416,6 @@ public class ServiceREST {
RangerService service =
svcStore.updateService(resourceService, null);
- LOG.info("Updated
resource-service:[" + service.getName() + "]");
- }
- } else if
(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_GDS_NAME.equals(linkedServiceType))
{
- if
(!StringUtils.equals(linkedService.getName(), resourceService.getGdsService()))
{
-
resourceService.setGdsService(linkedService.getName());
-
- LOG.info("Linking
resource-service[" + resourceService.getName() + "] with gds-service [" +
linkedService.getName() + "]");
-
- RangerService service =
svcStore.updateService(resourceService, null);
-
LOG.info("Updated
resource-service:[" + service.getName() + "]");
}
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
b/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
index b22208773..dede14dfd 100755
---
a/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
+++
b/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
@@ -223,6 +223,7 @@ public class RangerAPIList {
public static final String GET_DATASET = "GdsREST.getDataset";
public static final String SEARCH_DATASETS =
"GdsREST.searchDatasets";
public static final String LIST_DATASET_NAMES =
"GdsREST.listDatasetNames";
+ public static final String DATASET_POLICY =
"GdsREST.datasetPolicy";
public static final String CREATE_PROJECT =
"GdsREST.createProject";
public static final String UPDATE_PROJECT =
"GdsREST.updateProject";
@@ -230,6 +231,7 @@ public class RangerAPIList {
public static final String GET_PROJECT = "GdsREST.getProject";
public static final String SEARCH_PROJECTS =
"GdsREST.searchProjects";
public static final String LIST_PROJECT_NAMES =
"GdsREST.listProjectNames";
+ public static final String PROJECT_POLICY =
"GdsREST.projectPolicy";
public static final String CREATE_DATA_SHARE =
"GdsREST.createDataShare";
public static final String UPDATE_DATA_SHARE =
"GdsREST.updateDataShare";
diff --git
a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
index 2a28eeb63..0f0c97759 100644
---
a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
+++
b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefServiceBase.java
@@ -617,7 +617,9 @@ public abstract class RangerServiceDefServiceBase<T extends
XXServiceDefBase, V
List<T> permittedServiceDefs = new ArrayList<T>();
for (T xSvcDef : xSvcDefList) {
if ((bizUtil.hasAccess(xSvcDef, null) ||
(bizUtil.isAdmin() && isAuditPage)) || ("true".equals(denyCondition))) {
- permittedServiceDefs.add(xSvcDef);
+ if (!bizUtil.isGdsServiceDef(xSvcDef)) {
+ permittedServiceDefs.add(xSvcDef);
+ }
}
}
if (!permittedServiceDefs.isEmpty()) {
diff --git
a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
index 8ec558881..9bf7868d0 100644
---
a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
+++
b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
@@ -267,11 +267,6 @@ public class RangerServiceService extends
RangerServiceServiceBase<XXService, Ra
RangerService oldService =
this.populateViewBean(mObj);
oldValue=oldService.getTagService();
}
- } else if
("gdsService".equalsIgnoreCase(fieldName)) {
- if(!StringUtils.isEmpty(oldValue) &&
!"null".equalsIgnoreCase(oldValue)){
- RangerService oldService =
this.populateViewBean(mObj);
- oldValue =
oldService.getGdsService();
- }
}
if (oldValue == null ||
value.equalsIgnoreCase(oldValue)) {
return null;
@@ -348,8 +343,6 @@ public class RangerServiceService extends
RangerServiceServiceBase<XXService, Ra
serviceVersionInfo.setPolicyUpdateTime(now);
serviceVersionInfo.setTagUpdateTime(now);
serviceVersionInfo.setRoleUpdateTime(now);
- serviceVersionInfo.setGdsVersion(1L);
- serviceVersionInfo.setGdsUpdateTime(now);
XXServiceVersionInfoDao serviceVersionInfoDao =
daoMgr.getXXServiceVersionInfo();
diff --git
a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java
b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java
index 5c9591f63..fa23b96d7 100755
---
a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java
+++
b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceServiceBase.java
@@ -72,6 +72,7 @@ public abstract class RangerServiceServiceBase<T extends
XXServiceBase, V extend
xObj.setGuid(guid);
XXServiceDef xServiceDef =
daoMgr.getXXServiceDef().findByName(vObj.getType());
+
if(xServiceDef == null) {
throw restErrorUtil.createRESTException(
"No ServiceDefinition found with name
:" + vObj.getType(),
@@ -92,27 +93,10 @@ public abstract class RangerServiceServiceBase<T extends
XXServiceBase, V extend
tagServiceId = xTagService.getId();
}
- Long gdsServiceId = null;
- String gdsServiceName = vObj.getGdsService();
-
- if (StringUtils.isNotBlank(gdsServiceName)) {
- XXService xGdsService =
daoMgr.getXXService().findByName(gdsServiceName);
-
- if (xGdsService == null) {
- throw restErrorUtil.createRESTException(
- "No Service found with name :"
+ gdsServiceName,
-
MessageEnums.INVALID_INPUT_DATA);
- }
-
- gdsServiceId = xGdsService.getId();
- }
-
xObj.setType(xServiceDef.getId());
xObj.setName(vObj.getName());
xObj.setDisplayName(vObj.getDisplayName());
xObj.setTagService(tagServiceId);
- xObj.setGdsService(gdsServiceId);
-
if (OPERATION_CONTEXT == OPERATION_CREATE_CONTEXT) {
xObj.setTagVersion(vObj.getTagVersion());
}
@@ -125,7 +109,6 @@ public abstract class RangerServiceServiceBase<T extends
XXServiceBase, V extend
protected V mapEntityToViewBean(V vObj, T xObj) {
XXServiceDef xServiceDef =
daoMgr.getXXServiceDef().getById(xObj.getType());
XXService xTagService = xObj.getTagService() != null ?
daoMgr.getXXService().getById(xObj.getTagService()) : null;
- XXService xGdsService = xObj.getGdsService() != null ?
daoMgr.getXXService().getById(xObj.getGdsService()) : null;
vObj.setType(xServiceDef.getName());
vObj.setGuid(xObj.getGuid());
vObj.setVersion(xObj.getVersion());
@@ -133,15 +116,12 @@ public abstract class RangerServiceServiceBase<T extends
XXServiceBase, V extend
vObj.setDisplayName(xObj.getDisplayName());
vObj.setDescription(xObj.getDescription());
vObj.setTagService(xTagService != null ? xTagService.getName()
: null);
- vObj.setGdsService(xGdsService != null ? xGdsService.getName()
: null);
XXServiceVersionInfo versionInfoObj =
daoMgr.getXXServiceVersionInfo().findByServiceId(xObj.getId());
if (versionInfoObj != null) {
vObj.setPolicyVersion(versionInfoObj.getPolicyVersion());
vObj.setTagVersion(versionInfoObj.getTagVersion());
vObj.setPolicyUpdateTime(versionInfoObj.getPolicyUpdateTime());
vObj.setTagUpdateTime(versionInfoObj.getTagUpdateTime());
- vObj.setGdsVersion(versionInfoObj.getGdsVersion());
-
vObj.setGdsUpdateTime(versionInfoObj.getGdsUpdateTime());
} else {
vObj.setPolicyVersion(xObj.getPolicyVersion());
vObj.setTagVersion(xObj.getTagVersion());
@@ -165,7 +145,9 @@ public abstract class RangerServiceServiceBase<T extends
XXServiceBase, V extend
for (T xSvc : xSvcList) {
if(bizUtil.hasAccess(xSvc, null)){
- permittedServices.add(xSvc);
+ if (!bizUtil.isGdsService(xSvc)) {
+ permittedServices.add(xSvc);
+ }
}
}
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index 41a9bfef6..be4bfee71 100755
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -694,8 +694,11 @@
<query>select obj.id from XXService obj where obj.tagService =
:tagServiceId</query>
</named-query>
- <named-query name="XXService.findIdsByGdsServiceId">
- <query>select obj.id from XXService obj where obj.gdsService =
:gdsServiceId</query>
+ <named-query name="XXService.findIdsExcludingServiceTypes">
+ <query>SELECT obj.id
+ FROM XXService obj
+ JOIN XXServiceDef sd ON sd.id = obj.type
+ WHERE sd.name NOT IN :excludedServiceTypes</query>
</named-query>
<named-query name="XXService.findAssociatedTagService">
@@ -2263,4 +2266,28 @@
WHERE obj.datasetId = :datasetId
GROUP BY obj.status</query>
</named-query>
+
+ <named-query name="XXGdsDatasetPolicyMap.getDatasetPolicyMap">
+ <query>SELECT obj FROM XXGdsDatasetPolicyMap obj WHERE
obj.datasetId = :datasetId AND obj.policyId = :policyId</query>
+ </named-query>
+
+ <named-query name="XXGdsDatasetPolicyMap.getDatasetPolicyMaps">
+ <query>SELECT obj FROM XXGdsDatasetPolicyMap obj WHERE
obj.datasetId = :datasetId</query>
+ </named-query>
+
+ <named-query name="XXGdsDatasetPolicyMap.getDatasetPolicyIds">
+ <query>SELECT obj.policyId FROM XXGdsDatasetPolicyMap obj WHERE
obj.datasetId = :datasetId</query>
+ </named-query>
+
+ <named-query name="XXGdsProjectPolicyMap.getProjectPolicyMap">
+ <query>SELECT obj FROM XXGdsProjectPolicyMap obj WHERE
obj.projectId = :projectId AND obj.policyId = :policyId</query>
+ </named-query>
+
+ <named-query name="XXGdsProjectPolicyMap.getProjectPolicyMaps">
+ <query>SELECT obj FROM XXGdsProjectPolicyMap obj WHERE
obj.projectId = :projectId</query>
+ </named-query>
+
+ <named-query name="XXGdsProjectPolicyMap.getProjectPolicyIds">
+ <query>SELECT obj.policyId FROM XXGdsProjectPolicyMap obj WHERE
obj.projectId = :projectId</query>
+ </named-query>
</entity-mappings>
