This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new ef19f0a8c RANGER-4447: added API to get security-zone summary
ef19f0a8c is described below
commit ef19f0a8ccfaefc6e9cd75416e7c575e5d528505
Author: Subhrat Chaudhary <such...@yahoo.com>
AuthorDate: Thu Oct 5 02:49:04 2023 -0700
RANGER-4447: added API to get security-zone summary
Signed-off-by: Madhan Neethiraj <mad...@apache.org>
---
 .../ranger/plugin/model/RangerSecurityZone.java | 114 +++++++++++++++++++++
 .../org/apache/ranger/biz/SecurityZoneDBStore.java | 103 +++++++++++++++++++
 .../org/apache/ranger/rest/SecurityZoneREST.java | 35 ++++++-
 3 files changed, 250 insertions(+), 2 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
index 47f8041b7..4ea6cdee6 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
@@ -19,6 +19,8 @@ package org.apache.ranger.plugin.model;
+import org.apache.ranger.plugin.model.RangerPrincipal.PrincipalType;
+
 import org.codehaus.jackson.annotate.JsonAutoDetect;
 import org.codehaus.jackson.annotate.JsonIgnoreProperties;
 import org.codehaus.jackson.map.annotate.JsonSerialize;
@@ -206,5 +208,117 @@ public class RangerSecurityZone extends RangerBaseModelObject implements java.io
 return sb.toString();
 }
 }
+
+ @JsonAutoDetect(fieldVisibility=JsonAutoDetect.Visibility.ANY)
+ @JsonSerialize(include=JsonSerialize.Inclusion.NON_EMPTY)
+ @JsonIgnoreProperties(ignoreUnknown=true)
+ public static class SecurityZoneSummary extends RangerBaseModelObject implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String name;
+ private String description;
+ private Long totalResourceCount;
+ private Map<PrincipalType, Integer> adminCount;
+ private Map<PrincipalType, Integer> auditorCount;
+ private List<String> tagServices;
+ private List<ZoneServiceSummary> services;
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ public Long getTotalResourceCount() {
+ return totalResourceCount;
+ }
+
+ public void setTotalResourceCount(Long totalResourceCount) {
+ this.totalResourceCount = totalResourceCount;
+ }
+
+ public Map<PrincipalType, Integer> getAdminCount() {
+ return adminCount;
+ }
+
+ public void setAdminCount(Map<PrincipalType, Integer> adminCount) {
+ this.adminCount = adminCount;
+ }
+
+ public Map<PrincipalType, Integer> getAuditorCount() {
+ return auditorCount;
+ }
+
+ public void setAuditorCount(Map<PrincipalType, Integer> auditorCount) {
+ this.auditorCount = auditorCount;
+ }
+
+ public List<String> getTagServices() {
+ return tagServices;
+ }
+
+ public void setTagServices(List<String> tagServices) {
+ this.tagServices = tagServices;
+ }
+
+ public List<ZoneServiceSummary> getServices() {
+ return services;
+ }
+
+ public void setServices(List<ZoneServiceSummary> services) {
+ this.services = services;
+ }
+ }
+
+ public static class ZoneServiceSummary implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private Long id;
+ private String name;
+ private String type;
+ private Long resourceCount;
+
+ public Long getId() {
+ return id;
+ }
+
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getType() {
+ return type;
+ }
+
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ public Long getResourceCount() {
+ return resourceCount;
+ }
+
+ public void setResourceCount(Long resourceCount) {
+ this.resourceCount = resourceCount;
+ }
+ }
 }
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
index 3cecfbc2f..77b89f1fb 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
@@ -19,6 +19,7 @@ package org.apache.ranger.biz;
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
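Review bot: In RangerSecurityZone.java, `ZoneServiceSummary` is declared without the `@JsonAutoDetect`, `@JsonSerialize(include=JsonSerialize.Inclusion.NON_EMPTY)` and `@JsonIgnoreProperties(ignoreUnknown=true)` annotations that `SecurityZoneSummary` carries just above it in the same hunk, so the two parts of one response are serialized under different rules. Copying the three annotations onto `ZoneServiceSummary` keeps the payload consistent; if the omission is intentional, a comment saying so would help. `resourceCount` is a boxed `Long` that the store later sums via `mapToLong(ZoneServiceSummary::getResourceCount)`, so a summary whose count was never set would presumably fail there with a NullPointerException; a primitive `long`, or a field default of `0L`, avoids that. Neither class has a class comment; something like `/** Summary view of a security zone: principal counts per type and per-service resource counts. */` would state what the API returns.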
@@ -26,17 +27,25 @@ import java.util.Map;
 import javax.annotation.PostConstruct;
 import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections4.MapUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.ranger.authorization.utils.StringUtil;
 import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.RESTErrorUtil;
 import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.entity.XXSecurityZone;
+import org.apache.ranger.entity.XXService;
+import org.apache.ranger.entity.XXServiceDef;
 import org.apache.ranger.entity.XXTrxLog;
 import org.apache.ranger.plugin.model.RangerSecurityZone;
 import org.apache.ranger.plugin.model.RangerSecurityZoneHeaderInfo;
 import org.apache.ranger.plugin.model.RangerServiceHeaderInfo;
+import org.apache.ranger.plugin.model.RangerPrincipal.PrincipalType;
+import org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService;
+import org.apache.ranger.plugin.model.RangerSecurityZone.SecurityZoneSummary;
+import org.apache.ranger.plugin.model.RangerSecurityZone.ZoneServiceSummary;
 import org.apache.ranger.plugin.store.AbstractPredicateUtil;
+import org.apache.ranger.plugin.store.PList;
 import org.apache.ranger.plugin.store.SecurityZonePredicateUtil;
 import org.apache.ranger.plugin.store.SecurityZoneStore;
 import org.apache.ranger.plugin.util.SearchFilter;
@@ -71,6 +80,9 @@ public class SecurityZoneDBStore implements SecurityZoneStore {
 AbstractPredicateUtil predicateUtil = null;
+ @Autowired
+ ServiceMgr serviceMgr;
+
 public void init() throws Exception {}
 @PostConstruct
@@ -252,4 +264,95 @@ public class SecurityZoneDBStore implements SecurityZoneStore {
 }
 return daoMgr.getXXSecurityZoneDao().findAllZoneHeaderInfosByServiceId(serviceId,isTagService);
 }
+
+ public PList<SecurityZoneSummary> getZonesSummary(SearchFilter filter) throws Exception {
+ int maxRows = filter.getMaxRows();
+ int startIndex = filter.getStartIndex();
+
+ filter.setStartIndex(0);
+ filter.setMaxRows(0);
+
+ List<RangerSecurityZone> securityZones = getSecurityZones(filter);
+ List<SecurityZoneSummary> summaryList = new ArrayList<>();
+
+ for (RangerSecurityZone securityZone : securityZones) {
+ if (serviceMgr.isZoneAdmin(securityZone.getName()) || serviceMgr.isZoneAuditor(securityZone.getName())) {
+ summaryList.add(toSecurityZoneSummary(securityZone));
+ }
+ }
+
+ List<SecurityZoneSummary> paginatedList;
+
+ if (summaryList.size() > startIndex) {
+ int endIndex = Math.min((startIndex + maxRows), summaryList.size());
+
+ paginatedList = summaryList.subList(startIndex, endIndex);
+ } else {
+ paginatedList = Collections.emptyList();
+ }
+
+ PList<SecurityZoneSummary> ret = new PList<>(paginatedList, startIndex, maxRows, summaryList.size(), paginatedList.size(), filter.getSortType(), filter.getSortBy());
+
+ return ret;
+ }
+
+ private SecurityZoneSummary toSecurityZoneSummary(RangerSecurityZone securityZone) {
+ SecurityZoneSummary ret = new SecurityZoneSummary();
+
+ ret.setId(securityZone.getId());
+ ret.setName(securityZone.getName());
+ ret.setDescription(securityZone.getDescription());
+ ret.setGuid(securityZone.getGuid());
+ ret.setCreateTime(securityZone.getCreateTime());
+ ret.setUpdateTime(securityZone.getUpdateTime());
+ ret.setCreatedBy(securityZone.getCreatedBy());
+ ret.setUpdatedBy(securityZone.getUpdatedBy());
+ ret.setVersion(ret.getVersion());
+ ret.setIsEnabled(securityZone.getIsEnabled());
+ ret.setTagServices(securityZone.getTagServices());
+
+ Map<PrincipalType, Integer> adminCount = new HashMap<>();
+ Map<PrincipalType, Integer> auditorCount = new HashMap<>();
+
+ adminCount.put(PrincipalType.USER, securityZone.getAdminUsers().size());
+ adminCount.put(PrincipalType.GROUP, securityZone.getAdminUserGroups().size());
+ adminCount.put(PrincipalType.ROLE, securityZone.getAdminRoles().size());
+
+ auditorCount.put(PrincipalType.USER, securityZone.getAuditUsers().size());
+ auditorCount.put(PrincipalType.GROUP, securityZone.getAuditUserGroups().size());
+ auditorCount.put(PrincipalType.ROLE, securityZone.getAuditRoles().size());
+
+ ret.setAdminCount(adminCount);
+ ret.setAuditorCount(auditorCount);
+
+ List<ZoneServiceSummary> services = getSecurityZoneServiceSummary(securityZone);
+
+ ret.setServices(services);
+ ret.setTotalResourceCount(services.stream().mapToLong(ZoneServiceSummary::getResourceCount).sum());
+
+ return ret;
+ }
+
+ private List<ZoneServiceSummary> getSecurityZoneServiceSummary(RangerSecurityZone securityZone) {
+ List<ZoneServiceSummary> ret = new ArrayList<>();
+
+ if(MapUtils.isNotEmpty(securityZone.getServices())) {
+ for(Map.Entry<String, RangerSecurityZoneService> entry : securityZone.getServices().entrySet()) {
+ String serviceName = entry.getKey();
+ RangerSecurityZoneService zoneService = entry.getValue();
+ XXService xService = daoMgr.getXXService().findByName(serviceName);
+ XXServiceDef serviceDef = daoMgr.getXXServiceDef().getById(xService.getType());
+ ZoneServiceSummary summary = new ZoneServiceSummary();
+
+ summary.setId(xService.getId());
+ summary.setName(serviceName);
+ summary.setType(serviceDef.getName());
+ summary.setResourceCount((long)zoneService.getResources().size());
+
+ ret.add(summary);
+ }
+ }
+
+ return ret;
+ }
 }
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
index 5c1438c5b..f45cdd396 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
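Review bot: In SecurityZoneDBStore.java, `toSecurityZoneSummary` calls `ret.setVersion(ret.getVersion());`, which copies the new summary's own unset version back onto itself, so the zone's version never reaches the response; it should read `ret.setVersion(securityZone.getVersion());`. In `getSecurityZoneServiceSummary`, `xService` and `serviceDef` are dereferenced without a null check, so a zone that names a service `findByName` cannot resolve would presumably fail the whole listing with a NullPointerException; a guard such as `if (xService == null) { continue; }` (and the same for `serviceDef`) keeps one stale entry from breaking the call. `getZonesSummary` builds a summary, with two DAO lookups per service, for every zone the caller administers or audits before `subList` cuts the page, and a negative `startIndex` or an overflowing `startIndex + maxRows` reaches `subList` unchecked. Filtering first, clamping the indices and converting only the requested page bounds the work per request, as sketched below. The method also leaves the caller's `filter` with `startIndex` and `maxRows` set to 0, which deserves either a restore or a comment.

```java
public PList<SecurityZoneSummary> getZonesSummary(SearchFilter filter) throws Exception {
    int maxRows    = Math.max(filter.getMaxRows(), 0);
    int startIndex = Math.max(filter.getStartIndex(), 0);

    // … unchanged: reset the filter's paging and load securityZones …

    List<RangerSecurityZone> visibleZones = new ArrayList<>();

    for (RangerSecurityZone securityZone : securityZones) {
        if (serviceMgr.isZoneAdmin(securityZone.getName()) || serviceMgr.isZoneAuditor(securityZone.getName())) {
            visibleZones.add(securityZone);
        }
    }

    int fromIndex = Math.min(startIndex, visibleZones.size());
    int toIndex   = (int) Math.min((long) startIndex + maxRows, visibleZones.size());

    List<SecurityZoneSummary> paginatedList = new ArrayList<>();

    // summaries (and their per-service DAO lookups) are built only for the requested page
    for (RangerSecurityZone securityZone : visibleZones.subList(fromIndex, toIndex)) {
        paginatedList.add(toSecurityZoneSummary(securityZone));
    }

    PList<SecurityZoneSummary> ret = new PList<>(paginatedList, startIndex, maxRows, visibleZones.size(), paginatedList.size(), filter.getSortType(), filter.getSortBy());

    return ret;
}
```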
+++ b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
@@ -62,6 +62,7 @@ import org.apache.ranger.entity.XXServiceDef;
 import org.apache.ranger.plugin.model.RangerSecurityZone;
 import org.apache.ranger.plugin.model.RangerSecurityZoneHeaderInfo;
 import org.apache.ranger.plugin.model.RangerSecurityZoneV2;
+import org.apache.ranger.plugin.model.RangerSecurityZone.SecurityZoneSummary;
 import org.apache.ranger.plugin.model.validation.RangerSecurityZoneValidator;
 import org.apache.ranger.plugin.model.validation.RangerValidator;
 import org.apache.ranger.plugin.store.PList;
@@ -110,10 +111,10 @@ public class SecurityZoneREST {
 @Autowired
 RangerValidatorFactory validatorFactory;
-
+
 @Autowired
 RangerBizUtil bizUtil;
-
+
 @Autowired
 ServiceREST serviceRest;
@@ -420,6 +421,36 @@ public class SecurityZoneREST {
 return ret;
 }
+ @GET
+ @Path("/summary")
+ @Produces({ "application/json" })
+ public PList<SecurityZoneSummary> getZonesSummary(@Context HttpServletRequest request) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> getZonesSummary()");
+ }
+
+ if (!bizUtil.hasModuleAccess(RangerConstants.MODULE_SECURITY_ZONE)) {
+ throw restErrorUtil.createRESTException(STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE, MessageEnums.OPER_NO_PERMISSION);
+ }
+
+ PList<SecurityZoneSummary> ret = null;
+ SearchFilter filter = searchUtil.getSearchFilter(request, securityZoneService.sortFields);
+ try {
+ ret = securityZoneStore.getZonesSummary(filter);
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("getZonesSummary() failed", excp);
+
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== getZonesSummary():" + ret);
+ }
+ return ret;
+ }
+
 public RangerSecurityZoneV2 createSecurityZone(RangerSecurityZoneV2 securityZone) {
 LOG.debug("==> createSecurityZone({})", securityZone);
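Review bot: The catch-all in the new `getZonesSummary` endpoint hands `excp.getMessage()` to the client via `restErrorUtil.createRESTException(excp.getMessage())`, so whatever text an unexpected failure carries (persistence-layer detail, or `null` for a NullPointerException) ends up in the HTTP response. The full exception is already logged by `LOG.error` on the line above, so the response can carry a fixed string instead, e.g. `throw restErrorUtil.createRESTException("Failed to get security-zone summary");` (the message text is only a suggestion). Catching `Exception` rather than `Throwable` would also stop the handler from turning an `Error` such as OutOfMemoryError into an ordinary REST error. The method has no Javadoc; a short comment stating that module access is checked here, while the per-zone admin/auditor filtering happens in `securityZoneStore.getZonesSummary`, would make the authorization split clear to the next reader.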