This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch RANGER-3923
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/RANGER-3923 by this push:
new bb2ee37f9 RANGER-4447: added API to get security-zone summary
bb2ee37f9 is described below
commit bb2ee37f98f349818cfca27aedebecb48d06f0b6
Author: Subhrat Chaudhary <[email protected]>
AuthorDate: Thu Oct 5 02:49:04 2023 -0700
RANGER-4447: added API to get security-zone summary
Signed-off-by: Madhan Neethiraj <[email protected]>
(cherry picked from commit ef19f0a8ccfaefc6e9cd75416e7c575e5d528505)
---
.../ranger/plugin/model/RangerSecurityZone.java | 114 +++++++++++++++++++++
.../org/apache/ranger/biz/SecurityZoneDBStore.java | 103 +++++++++++++++++++
.../org/apache/ranger/rest/SecurityZoneREST.java | 35 ++++++-
3 files changed, 250 insertions(+), 2 deletions(-)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
index 47f8041b7..4ea6cdee6 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZone.java
@@ -19,6 +19,8 @@
package org.apache.ranger.plugin.model;
+import org.apache.ranger.plugin.model.RangerPrincipal.PrincipalType;
+
import org.codehaus.jackson.annotate.JsonAutoDetect;
import org.codehaus.jackson.annotate.JsonIgnoreProperties;
import org.codehaus.jackson.map.annotate.JsonSerialize;
@@ -206,5 +208,117 @@ public class RangerSecurityZone extends
RangerBaseModelObject implements java.io
return sb.toString();
}
}
+
+ @JsonAutoDetect(fieldVisibility=JsonAutoDetect.Visibility.ANY)
+ @JsonSerialize(include=JsonSerialize.Inclusion.NON_EMPTY)
+ @JsonIgnoreProperties(ignoreUnknown=true)
+ public static class SecurityZoneSummary extends RangerBaseModelObject
implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String name;
+ private String description;
+ private Long totalResourceCount;
+ private Map<PrincipalType, Integer> adminCount;
+ private Map<PrincipalType, Integer> auditorCount;
+ private List<String> tagServices;
+ private List<ZoneServiceSummary> services;
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getDescription() {
+ return description;
+ }
+
+ public void setDescription(String description) {
+ this.description = description;
+ }
+
+ public Long getTotalResourceCount() {
+ return totalResourceCount;
+ }
+
+ public void setTotalResourceCount(Long totalResourceCount) {
+ this.totalResourceCount = totalResourceCount;
+ }
+
+ public Map<PrincipalType, Integer> getAdminCount() {
+ return adminCount;
+ }
+
+ public void setAdminCount(Map<PrincipalType, Integer> adminCount) {
+ this.adminCount = adminCount;
+ }
+
+ public Map<PrincipalType, Integer> getAuditorCount() {
+ return auditorCount;
+ }
+
+ public void setAuditorCount(Map<PrincipalType, Integer> auditorCount) {
+ this.auditorCount = auditorCount;
+ }
+
+ public List<String> getTagServices() {
+ return tagServices;
+ }
+
+ public void setTagServices(List<String> tagServices) {
+ this.tagServices = tagServices;
+ }
+
+ public List<ZoneServiceSummary> getServices() {
+ return services;
+ }
+
+ public void setServices(List<ZoneServiceSummary> services) {
+ this.services = services;
+ }
+ }
+
+ public static class ZoneServiceSummary implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private Long id;
+ private String name;
+ private String type;
+ private Long resourceCount;
+
+ public Long getId() {
+ return id;
+ }
+
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getType() {
+ return type;
+ }
+
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ public Long getResourceCount() {
+ return resourceCount;
+ }
+
+ public void setResourceCount(Long resourceCount) {
+ this.resourceCount = resourceCount;
+ }
+ }
}
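Review bot: `ZoneServiceSummary` is declared without the `@JsonAutoDetect(fieldVisibility=JsonAutoDetect.Visibility.ANY)`, `@JsonSerialize(include=JsonSerialize.Inclusion.NON_EMPTY)` and `@JsonIgnoreProperties(ignoreUnknown=true)` annotations that `SecurityZoneSummary` carries just above it. The nested service entries will therefore likely treat null fields and unknown properties differently from their parent; repeating the three annotations would keep the two consistent. Both new classes also lack Javadoc. A class comment such as `/** Summary of a security zone: admin/auditor counts per principal type, tag services and per-service resource counts. */` would help API consumers, along with a field comment on `totalResourceCount` stating how it relates to the per-service `resourceCount` values.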
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
index 3cecfbc2f..77b89f1fb 100644
---
a/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
+++
b/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
@@ -19,6 +19,7 @@ package org.apache.ranger.biz;
import java.io.IOException;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -26,17 +27,25 @@ import java.util.Map;
import javax.annotation.PostConstruct;
import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections4.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXSecurityZone;
+import org.apache.ranger.entity.XXService;
+import org.apache.ranger.entity.XXServiceDef;
import org.apache.ranger.entity.XXTrxLog;
import org.apache.ranger.plugin.model.RangerSecurityZone;
import org.apache.ranger.plugin.model.RangerSecurityZoneHeaderInfo;
import org.apache.ranger.plugin.model.RangerServiceHeaderInfo;
+import org.apache.ranger.plugin.model.RangerPrincipal.PrincipalType;
+import
org.apache.ranger.plugin.model.RangerSecurityZone.RangerSecurityZoneService;
+import org.apache.ranger.plugin.model.RangerSecurityZone.SecurityZoneSummary;
+import org.apache.ranger.plugin.model.RangerSecurityZone.ZoneServiceSummary;
import org.apache.ranger.plugin.store.AbstractPredicateUtil;
+import org.apache.ranger.plugin.store.PList;
import org.apache.ranger.plugin.store.SecurityZonePredicateUtil;
import org.apache.ranger.plugin.store.SecurityZoneStore;
import org.apache.ranger.plugin.util.SearchFilter;
@@ -71,6 +80,9 @@ public class SecurityZoneDBStore implements SecurityZoneStore
{
AbstractPredicateUtil predicateUtil = null;
+ @Autowired
+ ServiceMgr serviceMgr;
+
public void init() throws Exception {}
@PostConstruct
@@ -252,4 +264,95 @@ public class SecurityZoneDBStore implements
SecurityZoneStore {
}
return
daoMgr.getXXSecurityZoneDao().findAllZoneHeaderInfosByServiceId(serviceId,isTagService);
}
+
+ public PList<SecurityZoneSummary> getZonesSummary(SearchFilter filter)
throws Exception {
+ int maxRows = filter.getMaxRows();
+ int startIndex = filter.getStartIndex();
+
+ filter.setStartIndex(0);
+ filter.setMaxRows(0);
+
+ List<RangerSecurityZone> securityZones = getSecurityZones(filter);
+ List<SecurityZoneSummary> summaryList = new ArrayList<>();
+
+ for (RangerSecurityZone securityZone : securityZones) {
+ if (serviceMgr.isZoneAdmin(securityZone.getName()) ||
serviceMgr.isZoneAuditor(securityZone.getName())) {
+ summaryList.add(toSecurityZoneSummary(securityZone));
+ }
+ }
+
+ List<SecurityZoneSummary> paginatedList;
+
+ if (summaryList.size() > startIndex) {
+ int endIndex = Math.min((startIndex + maxRows),
summaryList.size());
+
+ paginatedList = summaryList.subList(startIndex, endIndex);
+ } else {
+ paginatedList = Collections.emptyList();
+ }
+
+ PList<SecurityZoneSummary> ret = new PList<>(paginatedList,
startIndex, maxRows, summaryList.size(), paginatedList.size(),
filter.getSortType(), filter.getSortBy());
+
+ return ret;
+ }
+
+ private SecurityZoneSummary toSecurityZoneSummary(RangerSecurityZone
securityZone) {
+ SecurityZoneSummary ret = new SecurityZoneSummary();
+
+ ret.setId(securityZone.getId());
+ ret.setName(securityZone.getName());
+ ret.setDescription(securityZone.getDescription());
+ ret.setGuid(securityZone.getGuid());
+ ret.setCreateTime(securityZone.getCreateTime());
+ ret.setUpdateTime(securityZone.getUpdateTime());
+ ret.setCreatedBy(securityZone.getCreatedBy());
+ ret.setUpdatedBy(securityZone.getUpdatedBy());
+ ret.setVersion(ret.getVersion());
+ ret.setIsEnabled(securityZone.getIsEnabled());
+ ret.setTagServices(securityZone.getTagServices());
+
+ Map<PrincipalType, Integer> adminCount = new HashMap<>();
+ Map<PrincipalType, Integer> auditorCount = new HashMap<>();
+
+ adminCount.put(PrincipalType.USER,
securityZone.getAdminUsers().size());
+ adminCount.put(PrincipalType.GROUP,
securityZone.getAdminUserGroups().size());
+ adminCount.put(PrincipalType.ROLE,
securityZone.getAdminRoles().size());
+
+ auditorCount.put(PrincipalType.USER,
securityZone.getAuditUsers().size());
+ auditorCount.put(PrincipalType.GROUP,
securityZone.getAuditUserGroups().size());
+ auditorCount.put(PrincipalType.ROLE,
securityZone.getAuditRoles().size());
+
+ ret.setAdminCount(adminCount);
+ ret.setAuditorCount(auditorCount);
+
+ List<ZoneServiceSummary> services =
getSecurityZoneServiceSummary(securityZone);
+
+ ret.setServices(services);
+
ret.setTotalResourceCount(services.stream().mapToLong(ZoneServiceSummary::getResourceCount).sum());
+
+ return ret;
+ }
+
+ private List<ZoneServiceSummary>
getSecurityZoneServiceSummary(RangerSecurityZone securityZone) {
+ List<ZoneServiceSummary> ret = new ArrayList<>();
+
+ if(MapUtils.isNotEmpty(securityZone.getServices())) {
+ for(Map.Entry<String, RangerSecurityZoneService> entry :
securityZone.getServices().entrySet()) {
+ String serviceName = entry.getKey();
+ RangerSecurityZoneService zoneService = entry.getValue();
+ XXService xService =
daoMgr.getXXService().findByName(serviceName);
+ XXServiceDef serviceDef =
daoMgr.getXXServiceDef().getById(xService.getType());
+ ZoneServiceSummary summary = new
ZoneServiceSummary();
+
+ summary.setId(xService.getId());
+ summary.setName(serviceName);
+ summary.setType(serviceDef.getName());
+
summary.setResourceCount((long)zoneService.getResources().size());
+
+ ret.add(summary);
+ }
+ }
+
+ return ret;
+ }
}
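Review bot: In `toSecurityZoneSummary`, `ret.setVersion(ret.getVersion());` copies the freshly constructed summary's own version back onto itself, so the zone's version is never carried over; it should read `ret.setVersion(securityZone.getVersion());`. In `getZonesSummary`, `startIndex` and `maxRows` come from the caller's filter and reach `subList` unchecked, so a negative `startIndex` or an overflowing `startIndex + maxRows` makes `subList` throw. Reject negative values and compute the bound in long arithmetic, e.g. `int endIndex = (int) Math.min((long) startIndex + maxRows, summaryList.size());`. `getSecurityZoneServiceSummary` dereferences `xService` and `serviceDef` without a null check, so a zone naming a service that `findByName` does not return would presumably fail the whole listing with a NullPointerException. Skipping and logging that entry would keep the summary usable.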
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
index 5c1438c5b..f45cdd396 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
@@ -62,6 +62,7 @@ import org.apache.ranger.entity.XXServiceDef;
import org.apache.ranger.plugin.model.RangerSecurityZone;
import org.apache.ranger.plugin.model.RangerSecurityZoneHeaderInfo;
import org.apache.ranger.plugin.model.RangerSecurityZoneV2;
+import org.apache.ranger.plugin.model.RangerSecurityZone.SecurityZoneSummary;
import org.apache.ranger.plugin.model.validation.RangerSecurityZoneValidator;
import org.apache.ranger.plugin.model.validation.RangerValidator;
import org.apache.ranger.plugin.store.PList;
@@ -110,10 +111,10 @@ public class SecurityZoneREST {
@Autowired
RangerValidatorFactory validatorFactory;
-
+
@Autowired
RangerBizUtil bizUtil;
-
+
@Autowired
ServiceREST serviceRest;
@@ -420,6 +421,36 @@ public class SecurityZoneREST {
return ret;
}
+ @GET
+ @Path("/summary")
+ @Produces({ "application/json" })
+ public PList<SecurityZoneSummary> getZonesSummary(@Context
HttpServletRequest request) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> getZonesSummary()");
+ }
+
+ if (!bizUtil.hasModuleAccess(RangerConstants.MODULE_SECURITY_ZONE)) {
+ throw
restErrorUtil.createRESTException(STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE,
MessageEnums.OPER_NO_PERMISSION);
+ }
+
+ PList<SecurityZoneSummary> ret = null;
+ SearchFilter filter =
searchUtil.getSearchFilter(request, securityZoneService.sortFields);
+ try {
+ ret = securityZoneStore.getZonesSummary(filter);
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("getZonesSummary() failed", excp);
+
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== getZonesSummary():" + ret);
+ }
+ return ret;
+ }
+
public RangerSecurityZoneV2 createSecurityZone(RangerSecurityZoneV2
securityZone) {
LOG.debug("==> createSecurityZone({})", securityZone);
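Review bot: The `catch (Throwable excp)` branch in `getZonesSummary` passes `excp.getMessage()` straight to `restErrorUtil.createRESTException`, so whatever text the store or DAO layer put in the exception is returned to the HTTP client, and a NullPointerException yields a null message. The full exception is already logged on the line above, so the response can carry a fixed text, e.g. `throw restErrorUtil.createRESTException("Failed to get security-zone summary");`. Catching `Exception` rather than `Throwable` would also let JVM errors such as OutOfMemoryError propagate instead of being converted into a REST error. The trailing context lines belong to `createSecurityZone`, whose body continues outside the hunk.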