This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch RANGER-3923 in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/RANGER-3923 by this push: new 66bcc8635 RANGER-4459: updated GET sharedResources API to support filter by resource value 66bcc8635 is described below commit 66bcc8635f8201135915204146b1899aa36bba10 Author: Subhrat Chaudhary <such...@yahoo.com> AuthorDate: Mon Oct 9 02:04:18 2023 -0700 RANGER-4459: updated GET sharedResources API to support filter by resource value Signed-off-by: Madhan Neethiraj <mad...@apache.org> --- .../apache/ranger/plugin/util/SearchFilter.java | 1 + .../java/org/apache/ranger/biz/GdsDBStore.java | 35 ++++++++++++++++++++-- .../org/apache/ranger/common/RangerSearchUtil.java | 1 + .../service/RangerGdsSharedResourceService.java | 7 +++-- 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java index f969cffc0..ed855446f 100755 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java @@ -109,6 +109,7 @@ public class SearchFilter { public static final String DATA_SHARE_NAME_PARTIAL = "dataShareNamePartial"; // search, sort public static final String DATA_SHARE_ID = "dataShareId"; // search, sort public static final String SHARED_RESOURCE_NAME = "sharedResourceName"; // search, sort + public static final String RESOURCE_CONTAINS = "resourceContains"; // search public static final String SHARED_RESOURCE_ID = "sharedResourceId"; // search, sort public static final String PROFILE_NAME = "profileName"; // search public static final String OWNER_NAME = "ownerName"; // search diff --git a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java index 58b2d3ca0..9901ed79b 100755 --- a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java @@ -44,7 +44,6 @@ import org.apache.ranger.plugin.model.RangerGds.DataShareSummary; import org.apache.ranger.plugin.model.RangerGds.DataShareInDatasetSummary; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerGds.GdsPermission; -import org.apache.ranger.plugin.model.RangerGds.GdsShareStatus; import org.apache.ranger.plugin.model.RangerGds.RangerDataShare; import org.apache.ranger.plugin.model.RangerGds.RangerDataShareInDataset; import org.apache.ranger.plugin.model.RangerGds.RangerDataset; @@ -967,13 +966,39 @@ public class GdsDBStore extends AbstractGdsStore { filter.setStartIndex(0); filter.setMaxRows(0); + final String resourceContains = filter.getParam(SearchFilter.RESOURCE_CONTAINS); + + filter.removeParam(SearchFilter.RESOURCE_CONTAINS); + RangerSharedResourceList result = sharedResourceService.searchSharedResources(filter); List<RangerSharedResource> sharedResources = new ArrayList<>(); - for (RangerSharedResource dataShare : result.getList()) { + for (RangerSharedResource sharedResource : result.getList()) { // TODO: enforce RangerSharedResource.acl + boolean includeResource = true; + + if (StringUtils.isNotEmpty(resourceContains)) { + includeResource = false; - sharedResources.add(dataShare); + if (sharedResource.getResource() != null) { + final Collection<RangerPolicyResource> resources = sharedResource.getResource().values(); + + if (CollectionUtils.isNotEmpty(resources)) { + includeResource = resources.stream().filter(Objects::nonNull) + .map(RangerPolicyResource::getValues).filter(Objects::nonNull) + .anyMatch(res -> hasResource(res, resourceContains)); + + if (!includeResource && CollectionUtils.isNotEmpty(sharedResource.getSubResourceNames())) { + includeResource = sharedResource.getSubResourceNames().stream().filter(Objects::nonNull) + .anyMatch(value -> value.contains(resourceContains)); + } + } + } + } + + if (includeResource) { + sharedResources.add(sharedResource);; + } } PList<RangerSharedResource> ret = getPList(sharedResources, startIndex, maxRows, result.getSortBy(), result.getSortType()); @@ -1661,4 +1686,8 @@ public class GdsDBStore extends AbstractGdsStore { return ret; } + + private boolean hasResource(List<String> resources, String resourceValue) { + return resources.stream().filter(Objects::nonNull).anyMatch(resource -> resource.contains(resourceValue)); + } } diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java index 89174b2e4..90e9a6c02 100755 --- a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java @@ -119,6 +119,7 @@ public class RangerSearchUtil extends SearchUtil { ret.setParam(SearchFilter.CREATE_TIME_END, request.getParameter(SearchFilter.CREATE_TIME_END)); ret.setParam(SearchFilter.UPDATE_TIME_START, request.getParameter(SearchFilter.UPDATE_TIME_START)); ret.setParam(SearchFilter.UPDATE_TIME_END, request.getParameter(SearchFilter.UPDATE_TIME_END)); + ret.setParam(SearchFilter.RESOURCE_CONTAINS, request.getParameter(SearchFilter.RESOURCE_CONTAINS)); extractCommonCriteriasForFilter(request, ret, sortFields); diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java index a96f6e8b3..d9eac708c 100755 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerGdsSharedResourceService.java @@ -65,8 +65,11 @@ public class RangerGdsSharedResourceService extends RangerGdsBaseModelService<XX searchFields.add(new SearchField(SearchFilter.PROJECT_NAME, "p.name", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL, "XXGdsDataShare dsh, XXGdsDataShareInDataset dshid, XXGdsDatasetInProject dip, XXGdsProject p", "obj.dataShareId = dsh.id and dsh.id = dshid.dataShareId and dshid.datasetId = dip.datasetId and dip.projectId = p.id")); searchFields.add(new SearchField(SearchFilter.PROJECT_ID, "dip.projectId", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL, "XXGdsDataShare dsh, XXGdsDataShareInDataset dshid, XXGdsDatasetInProject dip", "obj.dataShareId = dsh.id and dsh.id = dshid.dataShareId and dshid.datasetId = dip.datasetId")); searchFields.add(new SearchField(SearchFilter.ZONE_ID, "dsh.zoneId", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL, "XXGdsDataShare dsh", "obj.dataShareId = dsh.id")); - searchFields.add(new SearchField(SearchFilter.ZONE_NAME, "z.name", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL, "XXGdsDataShare dsh, XXSecurityZone z", "obj.dataShareId = dsh.id and dsh.zoneId = z.id")); - searchFields.add(new SearchField(SearchFilter.ZONE_NAME_PARTIAL, "z.name", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL, "XXGdsDataShare dsh, XXSecurityZone z", "obj.dataShareId = dsh.id and dsh.zoneId = z.id")); + searchFields.add(new SearchField(SearchFilter.ZONE_NAME, "z.name", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL, "XXGdsDataShare dsh, XXSecurityZone z", "obj.dataShareId = dsh.id and dsh.zoneId = z.id")); + searchFields.add(new SearchField(SearchFilter.ZONE_NAME_PARTIAL, "z.name", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL, "XXGdsDataShare dsh, XXSecurityZone z", "obj.dataShareId = dsh.id and dsh.zoneId = z.id")); + searchFields.add(new SearchField(SearchFilter.SERVICE_ID, "dsh.serviceId", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL, "XXGdsDataShare dsh", "obj.dataShareId = dsh.id")); + searchFields.add(new SearchField(SearchFilter.SERVICE_NAME, "s.name", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL, "XXGdsDataShare dsh, XXService s", "obj.dataShareId = dsh.id and dsh.serviceId = s.id")); + searchFields.add(new SearchField(SearchFilter.SERVICE_NAME_PARTIAL, "s.name", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL, "XXGdsDataShare dsh, XXService s", "obj.dataShareId = dsh.id and dsh.serviceId = s.id")); sortFields.add(new SortField(SearchFilter.CREATE_TIME, "obj.createTime")); sortFields.add(new SortField(SearchFilter.UPDATE_TIME, "obj.updateTime"));