This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push: new 9dad22998 RANGER-4533: added REST API /public/v2/api/service-headers 9dad22998 is described below commit 9dad2299801465646036c4afd4bd24f948150fff Author: Madhan Neethiraj <mad...@apache.org> AuthorDate: Thu Nov 16 21:59:45 2023 -0800 RANGER-4533: added REST API /public/v2/api/service-headers --- .../plugin/model/RangerServiceHeaderInfo.java | 29 +++++++++ .../apache/ranger/plugin/util/SearchFilter.java | 4 +- .../org/apache/ranger/biz/SecurityZoneDBStore.java | 74 ++++++++++++++++++---- .../org/apache/ranger/common/RangerSearchUtil.java | 3 + .../ranger/db/XXSecurityZoneRefServiceDao.java | 15 +++-- .../ranger/db/XXSecurityZoneRefTagServiceDao.java | 15 +++-- .../java/org/apache/ranger/db/XXServiceDao.java | 20 ++++++ .../java/org/apache/ranger/rest/PublicAPIsv2.java | 26 +++++--- .../org/apache/ranger/rest/SecurityZoneREST.java | 12 ++-- .../java/org/apache/ranger/rest/ServiceREST.java | 46 ++++++++------ .../main/resources/META-INF/jpa_named_queries.xml | 15 ++++- .../org/apache/ranger/rest/TestPublicAPIsv2.java | 35 +++++----- 12 files changed, 218 insertions(+), 76 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceHeaderInfo.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceHeaderInfo.java index b9ea28b43..e5b2bf4c2 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceHeaderInfo.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceHeaderInfo.java 
@@ -21,12 +21,16 @@ import org.codehaus.jackson.annotate.JsonAutoDetect; import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility; import org.codehaus.jackson.map.annotate.JsonSerialize; +import static org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME; + @JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY) @JsonSerialize(include = JsonSerialize.Inclusion.NON_EMPTY) public class RangerServiceHeaderInfo extends RangerBaseModelObject implements java.io.Serializable { private static final long serialVersionUID = 1L; private String name; + private String displayName; + private String type; private Boolean isTagService; public RangerServiceHeaderInfo() { @@ -43,6 +47,15 @@ public class RangerServiceHeaderInfo extends RangerBaseModelObject implements ja setIsTagService(isTagService); } + public RangerServiceHeaderInfo(Long id, String name, String displayName, String type) { + super(); + setId(id); + setName(name); + setDisplayName(displayName); + setType(type); + setIsTagService(EMBEDDED_SERVICEDEF_TAG_NAME.equals(type)); + } + public String getName() { return name; } @@ -51,6 +64,22 @@ public class RangerServiceHeaderInfo extends RangerBaseModelObject implements ja this.name = name; } + public String getDisplayName() { + return displayName; + } + + public void setDisplayName(String displayName) { + this.displayName = displayName; + } + + public String getType() { + return type; + } + + public void setType(String type) { + this.type = type; + } + public Boolean getIsTagService() { return isTagService; } diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java index 61f879894..451b13afe 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
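Review bot: The new four-argument constructor sets `isTagService` from `EMBEDDED_SERVICEDEF_TAG_NAME.equals(type)`, so a null or unexpected `type` quietly yields `false`. The hunks in XXSecurityZoneRefServiceDao and XXSecurityZoneRefTagServiceDao switch to this constructor and pass `svcDef.name` from a `LEFT OUTER JOIN`, where the tag-service DAO previously hard-coded `true`. A service row without a matching service-def would therefore be reported as a non-tag service; whether an unmatched join can occur in practice is not visible in this diff. A short Javadoc on the constructor would make the rule explicit, for example `/** isTagService is derived from type; a null type is treated as a non-tag service. */`.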
@@ -65,8 +65,10 @@ public class SearchFilter { public static final String GROUP_NAME = "groupName"; // search, sort public static final String USER_NAME = "userName"; // search, sort public static final String ROLE_NAME_PARTIAL = "roleNamePartial"; // search - public static final String GROUP_NAME_PARTIAL = "groupNamePartial"; // search + public static final String GROUP_NAME_PARTIAL = "groupNamePartial"; // search public static final String USER_NAME_PARTIAL = "userNamePartial"; // search + public static final String SERVICE_NAME_PREFIX = "serviceNamePrefix"; // search + public static final String ZONE_NAME_PREFIX = "zoneNamePrefix"; // search public static final String TAG_DEF_ID = "tagDefId"; // search public static final String TAG_DEF_GUID = "tagDefGuid"; // search diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java index 2228b89c5..6c6ddc49f 100755 --- a/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java @@ -18,13 +18,10 @@ package org.apache.ranger.biz; import java.io.IOException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; +import java.util.*; import javax.annotation.PostConstruct; +import javax.servlet.http.HttpServletRequest; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections4.MapUtils; @@ -32,6 +29,7 @@ import org.apache.commons.lang.StringUtils; import org.apache.ranger.authorization.utils.StringUtil; import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.RESTErrorUtil; +import org.apache.ranger.common.RangerSearchUtil; import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.entity.XXSecurityZone; import org.apache.ranger.entity.XXService; 
@@ -83,6 +81,9 @@ public class SecurityZoneDBStore implements SecurityZoneStore { @Autowired ServiceMgr serviceMgr; + @Autowired + RangerSearchUtil searchUtil; + public void init() throws Exception {} @PostConstruct 
@@ -246,23 +247,70 @@ public class SecurityZoneDBStore implements SecurityZoneStore { return ret; } - public List<RangerSecurityZoneHeaderInfo> getSecurityZoneHeaderInfoList() { - return daoMgr.getXXSecurityZoneDao().findAllZoneHeaderInfos(); + public List<RangerSecurityZoneHeaderInfo> getSecurityZoneHeaderInfoList(HttpServletRequest request) { + String namePrefix = request.getParameter(SearchFilter.ZONE_NAME_PREFIX); + boolean filterByNamePrefix = StringUtils.isNotBlank(namePrefix); + + List<RangerSecurityZoneHeaderInfo> ret = daoMgr.getXXSecurityZoneDao().findAllZoneHeaderInfos(); + + if (!ret.isEmpty() && filterByNamePrefix) { + for (ListIterator<RangerSecurityZoneHeaderInfo> iter = ret.listIterator(); iter.hasNext(); ) { + RangerSecurityZoneHeaderInfo zoneHeader = iter.next(); + + if (!StringUtils.startsWithIgnoreCase(zoneHeader.getName(), namePrefix)) { + iter.remove(); + } + } + } + + return ret; } - public List<RangerServiceHeaderInfo> getServiceHeaderInfoListByZoneId(Long zoneId) { + public List<RangerServiceHeaderInfo> getServiceHeaderInfoListByZoneId(Long zoneId, HttpServletRequest request) { + String namePrefix = request.getParameter(SearchFilter.SERVICE_NAME_PREFIX); + boolean filterByNamePrefix = StringUtils.isNotBlank(namePrefix); + List<RangerServiceHeaderInfo> services = daoMgr.getXXSecurityZoneRefService().findServiceHeaderInfosByZoneId(zoneId); List<RangerServiceHeaderInfo> tagServices = daoMgr.getXXSecurityZoneRefTagService().findServiceHeaderInfosByZoneId(zoneId); - services.addAll(tagServices); + List<RangerServiceHeaderInfo> ret = new ArrayList<>(services.size() + tagServices.size()); - return services; + ret.addAll(services); + ret.addAll(tagServices); + + if (!ret.isEmpty() && filterByNamePrefix) { + for (ListIterator<RangerServiceHeaderInfo> iter = ret.listIterator(); iter.hasNext(); ) { + RangerServiceHeaderInfo serviceHeader = iter.next(); + + if (!StringUtils.startsWithIgnoreCase(serviceHeader.getName(), namePrefix)) { + iter.remove(); + 
} + } + } + + return ret; } - public List<RangerSecurityZoneHeaderInfo> getSecurityZoneHeaderInfoListByServiceId(Long serviceId, Boolean isTagService ) { - if(serviceId == null){ + public List<RangerSecurityZoneHeaderInfo> getSecurityZoneHeaderInfoListByServiceId(Long serviceId, Boolean isTagService, HttpServletRequest request) { + if (serviceId == null){ throw restErrorUtil.createRESTException("Invalid value for serviceId", MessageEnums.INVALID_INPUT_DATA); } - return daoMgr.getXXSecurityZoneDao().findAllZoneHeaderInfosByServiceId(serviceId,isTagService); + + String namePrefix = request.getParameter(SearchFilter.ZONE_NAME_PREFIX); + boolean filterByNamePrefix = StringUtils.isNotBlank(namePrefix); + + List<RangerSecurityZoneHeaderInfo> ret = daoMgr.getXXSecurityZoneDao().findAllZoneHeaderInfosByServiceId(serviceId, isTagService); + + if (!ret.isEmpty() && filterByNamePrefix) { + for (ListIterator<RangerSecurityZoneHeaderInfo> iter = ret.listIterator(); iter.hasNext(); ) { + RangerSecurityZoneHeaderInfo zoneHeader = iter.next(); + + if (!StringUtils.startsWithIgnoreCase(zoneHeader.getName(), namePrefix)) { + iter.remove(); + } + } + } + + return ret; } public PList<SecurityZoneSummary> getZonesSummary(SearchFilter filter) throws Exception { diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java index 62ff8e135..de72ff140 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java 
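Review bot: All three store methods in this hunk call `request.getParameter(...)` with no null check, so any caller that reaches the store without a servlet request gets a NullPointerException. Passing the already-extracted prefix string (or a `SearchFilter`) would also keep the servlet type out of the store layer. The same iterator loop is repeated three times, and the `searchUtil` field autowired in the earlier hunk of this file is not used by any line shown here. A private helper, sketched below, keeps the prefix rule in one place; it needs `java.util.function.Function` imported and assumes the module may use Java 8 lambdas, which this file does not show.

```java
// one place for the case-insensitive name-prefix rule
private static <T> List<T> retainByNamePrefix(List<T> headers, Function<T, String> nameOf, String namePrefix) {
    if (StringUtils.isNotBlank(namePrefix) && !headers.isEmpty()) {
        headers.removeIf(header -> !StringUtils.startsWithIgnoreCase(nameOf.apply(header), namePrefix));
    }

    return headers;
}

public List<RangerSecurityZoneHeaderInfo> getSecurityZoneHeaderInfoList(HttpServletRequest request) {
    String namePrefix = request != null ? request.getParameter(SearchFilter.ZONE_NAME_PREFIX) : null;

    return retainByNamePrefix(daoMgr.getXXSecurityZoneDao().findAllZoneHeaderInfos(), RangerSecurityZoneHeaderInfo::getName, namePrefix);
}
// … unchanged: getServiceHeaderInfoListByZoneId and getSecurityZoneHeaderInfoListByServiceId, reduced to the same helper call …
```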
@@ -88,6 +88,9 @@ public class RangerSearchUtil extends SearchUtil { ret.setParam(SearchFilter.CLUSTER_NAME, request.getParameter(SearchFilter.CLUSTER_NAME)); ret.setParam(SearchFilter.FETCH_ZONE_UNZONE_POLICIES, request.getParameter(SearchFilter.FETCH_ZONE_UNZONE_POLICIES)); ret.setParam(SearchFilter.FETCH_TAG_POLICIES, request.getParameter(SearchFilter.FETCH_TAG_POLICIES)); + ret.setParam(SearchFilter.SERVICE_NAME_PREFIX, request.getParameter(SearchFilter.SERVICE_NAME_PREFIX)); + ret.setParam(SearchFilter.ZONE_NAME_PREFIX, request.getParameter(SearchFilter.ZONE_NAME_PREFIX)); + for (Map.Entry<String, String[]> e : request.getParameterMap().entrySet()) { String name = e.getKey(); String[] values = e.getValue(); diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java index c6a801191..a7726d780 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java 
@@ -88,20 +88,21 @@ public class XXSecurityZoneRefServiceDao extends BaseDao<XXSecurityZoneRefServic } public List<RangerServiceHeaderInfo> findServiceHeaderInfosByZoneId(Long zoneId) { - List<RangerServiceHeaderInfo> serviceHeaderInfos = null; + List<RangerServiceHeaderInfo> ret; if (zoneId != null && zoneId > RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) { - @SuppressWarnings("unchecked") - List<Object[]> results = getEntityManager().createNamedQuery("XXSecurityZoneRefService.findServiceHeaderInfosByZoneId").setParameter("zoneId", zoneId).getResultList(); + List<Object[]> results = getEntityManager().createNamedQuery("XXSecurityZoneRefService.findServiceHeaderInfosByZoneId", Object[].class) + .setParameter("zoneId", zoneId).getResultList(); + + ret = new ArrayList<>(results.size()); - serviceHeaderInfos = new ArrayList<RangerServiceHeaderInfo>(results.size()); for (Object[] result : results) { - serviceHeaderInfos.add(new RangerServiceHeaderInfo((Long) result[0], (String) result[1], false)); + ret.add(new RangerServiceHeaderInfo((Long) result[0], (String) result[1], (String) result[2], (String) result[3])); } } else { - serviceHeaderInfos = Collections.emptyList(); + ret = Collections.emptyList(); } - return serviceHeaderInfos; + return ret; } } diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefTagServiceDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefTagServiceDao.java index 1eaf0dec3..9e1fb13ef 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefTagServiceDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefTagServiceDao.java 
@@ -63,20 +63,21 @@ public class XXSecurityZoneRefTagServiceDao extends BaseDao<XXSecurityZoneRefTag } public List<RangerServiceHeaderInfo> findServiceHeaderInfosByZoneId(Long zoneId) { - List<RangerServiceHeaderInfo> serviceHeaderInfos = null; + List<RangerServiceHeaderInfo> ret; if (zoneId != null && zoneId > RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) { - @SuppressWarnings("unchecked") - List<Object[]> results = getEntityManager().createNamedQuery("XXSecurityZoneRefTagService.findServiceHeaderInfosByZoneId").setParameter("zoneId", zoneId).getResultList(); - serviceHeaderInfos = new ArrayList<RangerServiceHeaderInfo>(results.size()); + List<Object[]> results = getEntityManager().createNamedQuery("XXSecurityZoneRefTagService.findServiceHeaderInfosByZoneId", Object[].class) + .setParameter("zoneId", zoneId).getResultList(); + + ret = new ArrayList<>(results.size()); for (Object[] result : results) { - serviceHeaderInfos.add(new RangerServiceHeaderInfo((Long) result[0], (String) result[1], true)); + ret.add(new RangerServiceHeaderInfo((Long) result[0], (String) result[1], (String) result[2], (String) result[3])); } } else { - serviceHeaderInfos = Collections.emptyList(); + ret = Collections.emptyList(); } - return serviceHeaderInfos; + return ret; } } diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java index ba92c7340..eb7fc05ae 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java @@ -18,12 +18,14 @@ package org.apache.ranger.db; import java.util.ArrayList; +import java.util.Collections; import java.util.List; import javax.persistence.NoResultException; import org.apache.ranger.common.db.BaseDao; import org.apache.ranger.entity.XXService; +import org.apache.ranger.plugin.model.RangerServiceHeaderInfo; import org.springframework.stereotype.Service; /** 
@@ -148,4 +150,22 @@ public class XXServiceDao extends BaseDao<XXService> { return new ArrayList<>(); } } + + public List<RangerServiceHeaderInfo> findServiceHeaders() { + List<RangerServiceHeaderInfo> ret; + + try { + List<Object[]> results = getEntityManager().createNamedQuery("XXService.getAllServiceHeaders", Object[].class).getResultList(); + + ret = new ArrayList<>(results.size()); + + for (Object[] result : results) { + ret.add(new RangerServiceHeaderInfo((Long) result[0], (String) result[1], (String) result[2], (String) result[3])); + } + } catch (NoResultException excp) { + ret = Collections.emptyList(); + } + + return ret; + } } diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java index eebab8108..3aeda199a 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java @@ -161,14 +161,14 @@ public class PublicAPIsv2 { @GET @Path("/api/zone-headers") @Produces({ "application/json" }) - public List<RangerSecurityZoneHeaderInfo> getSecurityZoneHeaderInfoList() { + public List<RangerSecurityZoneHeaderInfo> getSecurityZoneHeaderInfoList(@Context HttpServletRequest request) { if (logger.isDebugEnabled()) { logger.debug("==> PublicAPIsv2.getSecurityZoneHeaderInfoList()"); } List<RangerSecurityZoneHeaderInfo> ret; try { - ret = securityZoneStore.getSecurityZoneHeaderInfoList(); + ret = securityZoneStore.getSecurityZoneHeaderInfoList(request); } catch (WebApplicationException excp) { throw excp; } catch (Throwable excp) { 
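Review bot: The `catch (NoResultException excp)` branch in `findServiceHeaders` looks unreachable, because `getResultList()` returns an empty list when nothing matches; `NoResultException` is raised by `getSingleResult()`. The branch also makes the return value inconsistent: the normal path yields a mutable `ArrayList`, the catch path an immutable `Collections.emptyList()`. The caller in ServiceREST removes entries through an iterator, and only its `!ret.isEmpty()` guard keeps that safe. Dropping the try/catch, or returning `new ArrayList<>()` there, would keep the list mutable on every path. The `(Long)`/`(String)` casts rely on the column order of `XXService.getAllServiceHeaders`, so a one-line comment naming the four columns (id, name, displayName, service-def name) would help the next reader.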
@@ -192,10 +192,10 @@ public class PublicAPIsv2 { @GET @Path("/api/zones/zone-headers/for-service/{serviceId}") @Produces({ "application/json" }) - public List<RangerSecurityZoneHeaderInfo> getSecurityZoneHeaderInfoListByServiceId( @PathParam("serviceId") Long serviceId - , @DefaultValue("false") @QueryParam("isTagService") Boolean isTagService - ) { - return securityZoneRest.getSecurityZoneHeaderInfoListByServiceId(serviceId,isTagService); + public List<RangerSecurityZoneHeaderInfo> getSecurityZoneHeaderInfoListByServiceId(@PathParam("serviceId") Long serviceId, + @DefaultValue("false") @QueryParam("isTagService") Boolean isTagService, + @Context HttpServletRequest request) { + return securityZoneRest.getSecurityZoneHeaderInfoListByServiceId(serviceId,isTagService, request); } /** @@ -207,14 +207,14 @@ public class PublicAPIsv2 { @GET @Path("/api/zones/{zoneId}/service-headers") @Produces({ "application/json" }) - public List<RangerServiceHeaderInfo> getServiceHeaderInfoListByZoneId(@PathParam("zoneId") Long zoneId) { + public List<RangerServiceHeaderInfo> getServiceHeaderInfoListByZoneId(@PathParam("zoneId") Long zoneId, @Context HttpServletRequest request) { if (logger.isDebugEnabled()) { logger.debug("==> PublicAPIsv2.getServiceHeaderInfoListByZoneId({})" + zoneId); } List<RangerServiceHeaderInfo> ret; try { - ret = securityZoneStore.getServiceHeaderInfoListByZoneId(zoneId); + ret = securityZoneStore.getServiceHeaderInfoListByZoneId(zoneId, request); } catch (WebApplicationException excp) { throw excp; } catch (Throwable excp) { 
@@ -434,6 +434,14 @@ public class PublicAPIsv2 { return serviceREST.getServices(request).getServices(); } + @GET + @Path("/api/service-headers") + @Produces({ "application/json" }) + @PreAuthorize("@rangerPreAuthSecurityHandler.isAPISpnegoAccessible()") + public List<RangerServiceHeaderInfo> getServiceHeaders(@Context HttpServletRequest request) { + return serviceREST.getServiceHeaders(request); + } + @POST @Path("/api/service/") @PreAuthorize("@rangerPreAuthSecurityHandler.isAPISpnegoAccessible()") @@ -460,7 +468,6 @@ public class PublicAPIsv2 { return serviceREST.updateService(service, request); } - @PUT @Path("/api/service/name/{name}") @PreAuthorize("@rangerPreAuthSecurityHandler.isAPISpnegoAccessible()") @@ -516,6 +523,7 @@ public class PublicAPIsv2 { serviceREST.deleteService(service.getId()); } + /* * Policy Manipulation APIs */ diff --git a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java index 6513ad6b5..8f87d26fa 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java 
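Review bot: `getServiceHeaders` is gated only by `isAPISpnegoAccessible()`, and the `ServiceREST.getServiceHeaders` body added in this commit returns every row from `findServiceHeaders()` with no per-user or per-service access filtering on the lines shown. Any caller that passes the pre-authorize check can therefore list the id, name, display name and type of every service. If `getServices` just above restricts results by the caller's permissions (not visible in this hunk), this endpoint should apply the same restriction or document why header data is safe to list. A Javadoc on the method stating the intended audience and the supported `SearchFilter.SERVICE_NAME_PREFIX` and `SearchFilter.SERVICE_TYPE` query parameters would make that decision reviewable.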
@@ -400,24 +400,28 @@ public class SecurityZoneREST { @GET @Path("/zones/zone-headers/for-service/{serviceId}") @Produces({ "application/json" }) - public List<RangerSecurityZoneHeaderInfo> getSecurityZoneHeaderInfoListByServiceId( @PathParam("serviceId") Long serviceId - , @DefaultValue("false") @QueryParam ("isTagService") Boolean isTagService - ) { + public List<RangerSecurityZoneHeaderInfo> getSecurityZoneHeaderInfoListByServiceId(@PathParam("serviceId") Long serviceId, + @DefaultValue("false") @QueryParam ("isTagService") Boolean isTagService, + @Context HttpServletRequest request) { if (LOG.isDebugEnabled()) { LOG.debug("==> SecurityZoneREST.getSecurityZoneHeaderInfoListByServiceId() serviceId:{}, isTagService:{}",serviceId,isTagService); } + List<RangerSecurityZoneHeaderInfo> ret; + try { - ret = securityZoneStore.getSecurityZoneHeaderInfoListByServiceId(serviceId, isTagService); + ret = securityZoneStore.getSecurityZoneHeaderInfoListByServiceId(serviceId, isTagService, request); } catch (WebApplicationException excp) { throw excp; } catch (Throwable excp) { LOG.error("SecurityZoneREST.getSecurityZoneHeaderInfoListByServiceId() failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); } + if (LOG.isDebugEnabled()) { LOG.debug("<== SecurityZoneREST.getSecurityZoneHeaderInfoListByServiceId():" + ret); } + return ret; } diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 5aee2a2c0..cffd177be 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
@@ -22,19 +22,9 @@ package org.apache.ranger.rest; import java.io.IOException; import java.io.InputStream; import java.security.SecureRandom; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Comparator; -import java.util.HashMap; -import java.util.HashSet; -import java.util.LinkedHashMap; -import java.util.List; -import java.util.Map; +import java.util.*; import java.util.Map.Entry; -import java.util.Set; -import java.util.TreeMap; import java.util.stream.IntStream; -import java.util.Objects; import javax.annotation.Nonnull; import javax.annotation.PostConstruct; @@ -98,16 +88,10 @@ import org.apache.ranger.entity.XXService; import org.apache.ranger.entity.XXServiceDef; import org.apache.ranger.entity.XXTrxLog; import org.apache.ranger.entity.XXRole; -import org.apache.ranger.plugin.model.RangerPluginInfo; -import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.*; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; -import org.apache.ranger.plugin.model.RangerPolicyDelta; -import org.apache.ranger.plugin.model.RangerPolicyResourceSignature; -import org.apache.ranger.plugin.model.RangerService; -import org.apache.ranger.plugin.model.RangerServiceDef; -import org.apache.ranger.plugin.model.ServiceDeleteResponse; import org.apache.ranger.plugin.model.validation.RangerPolicyValidator; import org.apache.ranger.plugin.model.validation.RangerServiceDefHelper; import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator; 
@@ -1109,6 +1093,32 @@ public class ServiceREST { return ret; } + public List<RangerServiceHeaderInfo> getServiceHeaders(@Context HttpServletRequest request) { + LOG.debug("==> ServiceREST.getServiceHeaders()"); + + String namePrefix = request.getParameter(SearchFilter.SERVICE_NAME_PREFIX); + String svcType = request.getParameter(SearchFilter.SERVICE_TYPE); + boolean filterByNamePrefix = StringUtils.isNotBlank(namePrefix); + boolean filterByType = StringUtils.isNotBlank(svcType); + + List<RangerServiceHeaderInfo> ret = daoManager.getXXService().findServiceHeaders(); + + if (!ret.isEmpty() && (filterByNamePrefix || filterByType)) { + for (ListIterator<RangerServiceHeaderInfo> iter = ret.listIterator(); iter.hasNext(); ) { + RangerServiceHeaderInfo serviceHeader = iter.next(); + + if (filterByNamePrefix && !StringUtils.startsWithIgnoreCase(serviceHeader.getName(), namePrefix)) { + iter.remove(); + } else if (filterByType && !StringUtils.equals(serviceHeader.getType(), svcType)) { + iter.remove(); + } + } + } + + LOG.debug("<== ServiceREST.getServiceHeaders(namePrefix={}, svcType={}): ret={}", namePrefix, svcType, ret); + + return ret; + } @GET @Path("/services/count") diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml index 33172ce85..113bc457f 100755 --- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml +++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml @@ -687,6 +687,13 @@ <query>select obj.id from XXService obj</query> </named-query> + <named-query name="XXService.getAllServiceHeaders"> + <query> + SELECT obj.id, obj.name, obj.displayName, svcDef.name FROM XXService obj + LEFT OUTER JOIN XXServiceDef svcDef ON obj.type = svcDef.id + </query> + </named-query> + <!-- XXServiceVersionInfo --> <named-query name="XXServiceVersionInfo.findByServiceName"> <query> 
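Review bot: The exit debug line in `getServiceHeaders` writes the raw `namePrefix` and `svcType` request parameters and the entire `ret` list to the log. Caller-supplied text reaches the log unmodified (whether the configured layout neutralises line breaks is not visible here), and the list can be large. Logging the size is enough, e.g. `LOG.debug("<== ServiceREST.getServiceHeaders(): count={}", ret.size());`. The type filter also uses the case-sensitive `StringUtils.equals` while the name filter uses `startsWithIgnoreCase`; if that asymmetry is intended, a one-line comment should say so.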
@@ -1728,7 +1735,9 @@ <named-query name="XXSecurityZoneRefService.findServiceHeaderInfosByZoneId"> <query> - SELECT obj.serviceId, obj.serviceName FROM XXSecurityZoneRefService obj WHERE obj.zoneId = :zoneId + SELECT obj.id, obj.name, obj.displayName, svcDef.name FROM XXService obj + LEFT OUTER JOIN XXServiceDef svcDef ON obj.type = svcDef.id + WHERE obj.id IN (SELECT ref.serviceId FROM XXSecurityZoneRefService ref WHERE ref.zoneId = :zoneId) </query> </named-query> @@ -1746,7 +1755,9 @@ <named-query name="XXSecurityZoneRefTagService.findServiceHeaderInfosByZoneId"> <query> - SELECT obj.tagServiceId, obj.tagServiceName FROM XXSecurityZoneRefTagService obj WHERE obj.zoneId = :zoneId + SELECT obj.id, obj.name, obj.displayName, svcDef.name FROM XXService obj + LEFT OUTER JOIN XXServiceDef svcDef ON obj.type = svcDef.id + WHERE obj.id IN (SELECT ref.tagServiceId FROM XXSecurityZoneRefTagService ref WHERE ref.zoneId = :zoneId) </query> </named-query> diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java b/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java index 73a593e9f..0fba41ee7 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java 
@@ -612,15 +612,18 @@ public class TestPublicAPIsv2 { @Test public void testGetAllZoneNames() throws Exception { + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); List<RangerSecurityZoneHeaderInfo> zoneHeaderInfoList = new ArrayList<>(); + zoneHeaderInfoList.add(new RangerSecurityZoneHeaderInfo(2L, "zone-1")); zoneHeaderInfoList.add(new RangerSecurityZoneHeaderInfo(3L, "zone-2")); - Mockito.when(securityZoneStore.getSecurityZoneHeaderInfoList()).thenReturn(zoneHeaderInfoList); + Mockito.when(securityZoneStore.getSecurityZoneHeaderInfoList(request)).thenReturn(zoneHeaderInfoList); + + List<RangerSecurityZoneHeaderInfo> returnedZoneHeaderInfoList = publicAPIsv2.getSecurityZoneHeaderInfoList(request); - List<RangerSecurityZoneHeaderInfo> returnedZoneHeaderInfoList = publicAPIsv2.getSecurityZoneHeaderInfoList(); Assert.assertEquals(returnedZoneHeaderInfoList.size(), zoneHeaderInfoList.size()); - Mockito.verify(securityZoneStore, Mockito.times(1)).getSecurityZoneHeaderInfoList(); + Mockito.verify(securityZoneStore, Mockito.times(1)).getSecurityZoneHeaderInfoList(request); } @Test 
@@ -639,33 +642,35 @@ public class TestPublicAPIsv2 { rangerServiceList2.add(new RangerServiceHeaderInfo(5L, "yarn_1", false)); - Mockito.when(securityZoneStore.getServiceHeaderInfoListByZoneId(null)).thenReturn(Collections.emptyList()); - Mockito.when(securityZoneStore.getServiceHeaderInfoListByZoneId(zoneId1)).thenReturn(rangerServiceList1); - Mockito.when(securityZoneStore.getServiceHeaderInfoListByZoneId(zoneId2)).thenReturn(rangerServiceList2); - Mockito.when(securityZoneStore.getServiceHeaderInfoListByZoneId(nonExistingZondId)).thenReturn(Collections.emptyList()); + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + + Mockito.when(securityZoneStore.getServiceHeaderInfoListByZoneId(null, request)).thenReturn(Collections.emptyList()); + Mockito.when(securityZoneStore.getServiceHeaderInfoListByZoneId(zoneId1, request)).thenReturn(rangerServiceList1); + Mockito.when(securityZoneStore.getServiceHeaderInfoListByZoneId(zoneId2, request)).thenReturn(rangerServiceList2); + Mockito.when(securityZoneStore.getServiceHeaderInfoListByZoneId(nonExistingZondId, request)).thenReturn(Collections.emptyList()); // Null - List<RangerServiceHeaderInfo> returnedServicesNull = publicAPIsv2.getServiceHeaderInfoListByZoneId(null); + List<RangerServiceHeaderInfo> returnedServicesNull = publicAPIsv2.getServiceHeaderInfoListByZoneId(null, request); - Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(null); + Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(null, request); Assert.assertEquals(returnedServicesNull.size(), 0); // Non existing zoneId - List<RangerServiceHeaderInfo> returnedServicesNonExisting = publicAPIsv2.getServiceHeaderInfoListByZoneId(nonExistingZondId); + List<RangerServiceHeaderInfo> returnedServicesNonExisting = publicAPIsv2.getServiceHeaderInfoListByZoneId(nonExistingZondId, request); - Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(null); 
+ Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(null, request); Assert.assertEquals(returnedServicesNonExisting.size(), 0); // zoneId1 - List<RangerServiceHeaderInfo> returnedServicesZone1 = publicAPIsv2.getServiceHeaderInfoListByZoneId(zoneId1); + List<RangerServiceHeaderInfo> returnedServicesZone1 = publicAPIsv2.getServiceHeaderInfoListByZoneId(zoneId1, request); - Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(zoneId1); + Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(zoneId1, request); Assert.assertEquals(returnedServicesZone1.size(), rangerServiceList1.size()); // zoneId2 - List<RangerServiceHeaderInfo> returnedServicesZone2 = publicAPIsv2.getServiceHeaderInfoListByZoneId(zoneId2); + List<RangerServiceHeaderInfo> returnedServicesZone2 = publicAPIsv2.getServiceHeaderInfoListByZoneId(zoneId2, request); - Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(zoneId2); + Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(zoneId2, request); Assert.assertEquals(returnedServicesZone2.size(), rangerServiceList2.size()); }
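Review bot: In the "Non existing zoneId" block the verification still checks `getServiceHeaderInfoListByZoneId(null, request)`, so the call made with `nonExistingZondId` is never verified. It should read `Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(nonExistingZondId, request);`. The test changes shown only thread a mocked `HttpServletRequest` through existing cases; nothing here exercises the new `zoneNamePrefix`/`serviceNamePrefix` filtering or the `/api/service-headers` endpoint. Because the store is mocked in this class, the filter logic needs its own tests against SecurityZoneDBStore and ServiceREST.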