This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 614114efdd0589084aa3ab31fe4c9a0d41dd3fa8
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Tue Jan 9 13:14:29 2024 -0800
RANGER-4642: on security-zone delete/update, delete associated GDS objects
---
 .../org/apache/ranger/plugin/store/GdsStore.java | 5 ++
 .../java/org/apache/ranger/biz/GdsDBStore.java | 67 +++++++++++++++++++---
 .../org/apache/ranger/db/XXGdsDataShareDao.java | 25 ++++++--
 .../java/org/apache/ranger/rest/ServiceREST.java | 5 --
 .../service/RangerSecurityZoneServiceService.java | 7 +++
 .../ranger/service/RangerServiceService.java | 10 ++++
 .../main/resources/META-INF/jpa_named_queries.xml | 4 ++
 7 files changed, 104 insertions(+), 19 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java
index afbce78a1..0dad263d9 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java
@@ -28,6 +28,7 @@ import org.apache.ranger.plugin.model.RangerGds.RangerSharedResource;
 import org.apache.ranger.plugin.model.RangerPolicy;
 import org.apache.ranger.plugin.util.SearchFilter;
+import java.util.Collection;
 import java.util.List;
 /**
@@ -133,4 +134,8 @@ public interface GdsStore {
 PList<RangerDatasetInProject> searchDatasetInProjects(SearchFilter filter) throws Exception;
 void deleteAllGdsObjectsForService(Long serviceId) throws Exception;
+
+ void deleteAllGdsObjectsForSecurityZone(Long zoneId) throws Exception;
+
+ void deleteAllGdsObjectsForServicesInSecurityZone(Collection<String> serviceNames, Long zoneId) throws Exception;
 }
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
index 701165f9d..a69647948 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
@@ -1191,7 +1191,7 @@ public class GdsDBStore extends AbstractGdsStore {
 }
 @Override
- public void deleteAllGdsObjectsForService(Long serviceId) throws Exception {
+ public void deleteAllGdsObjectsForService(Long serviceId) {
 LOG.debug("==> deleteAllGdsObjectsForService({})", serviceId);
 List<XXGdsDataShare> dataShares = daoMgr.getXXGdsDataShare().findByServiceId(serviceId);
@@ -1200,21 +1200,70 @@ public class GdsDBStore extends AbstractGdsStore {
 LOG.info("Deleting {} dataShares associated with service id={}", dataShares.size(), serviceId);
 dataShares.forEach(dataShare -> {
- try {
- LOG.info("Deleting dataShare id={}, name={}", dataShare.getId(), dataShare.getName());
-
- deleteDataShare(dataShare.getId(), true);
- } catch (Exception excp) {
- LOG.error("failed to delete dataShare id={}, name={}", dataShare.getId(), dataShare.getName(), excp);
+ LOG.info("Deleting dataShare id={}, name={}", dataShare.getId(), dataShare.getName());
- throw excp;
- }
+ deleteDataShare(dataShare.getId(), true);
 });
 }
 LOG.debug("<== deleteAllGdsObjectsForService({})", serviceId);
 }
+ @Override
+ public void deleteAllGdsObjectsForSecurityZone(Long zoneId) {
+ LOG.debug("==> deleteAllGdsObjectsForSecurityZone({})", zoneId);
+
+ List<XXGdsDataShare> dataShares = daoMgr.getXXGdsDataShare().findByZoneId(zoneId);
+
+ if (CollectionUtils.isNotEmpty(dataShares)) {
+ LOG.info("Deleting {} dataShares associated with securityZone id={}", dataShares.size(), zoneId);
+
+ dataShares.forEach(dataShare -> {
+ LOG.info("Deleting dataShare id={}, name={}", dataShare.getId(), dataShare.getName());
+
+ deleteDataShare(dataShare.getId(), true);
+ });
+ }
+
+ LOG.debug("<== deleteAllGdsObjectsForSecurityZone({})", zoneId);
+ }
+
+ @Override
+ public void deleteAllGdsObjectsForServicesInSecurityZone(Collection<String> serviceNames, Long zoneId) {
+ LOG.debug("==> deleteAllGdsObjectsForServicesInSecurityZone({}, {})", serviceNames, zoneId);
+
+ if (zoneId != null && CollectionUtils.isNotEmpty(serviceNames)) {
+ XXServiceDao serviceDao = daoMgr.getXXService();
+ XXGdsDataShareDao dataShareDao = daoMgr.getXXGdsDataShare();
+
+ for (String serviceName : serviceNames) {
+ Long serviceId = serviceDao.findIdByName(serviceName);
+
+ if (serviceId == null) {
+ LOG.warn("deleteAllGdsObjectsForServicesInSecurityZone(): invalid service name={}. Ignored", serviceName);
+
+ continue;
+ }
+
+ List<XXGdsDataShare> dataShares = dataShareDao.findByServiceIdAndZoneId(serviceId, zoneId);
+
+ if (CollectionUtils.isEmpty(dataShares)) {
+ continue;
+ }
+
+ LOG.info("Deleting {} dataShares associated with service(name={}) in securityZone(id={})", dataShares.size(), serviceName, zoneId);
+
+ dataShares.forEach(dataShare -> {
+ LOG.info("Deleting dataShare id={}, name={}", dataShare.getId(), dataShare.getName());
+
+ deleteDataShare(dataShare.getId(), true);
+ });
+ }
+ }
+
+ LOG.debug("<== deleteAllGdsObjectsForServicesInSecurityZone({}, {})", serviceNames, zoneId);
+ }
+
 public ServiceGdsInfo getGdsInfoIfUpdated(String serviceName, Long lastKnownVersion) throws Exception {
 LOG.debug("==> GdsDBStore.getGdsInfoIfUpdated({}, {})", serviceName , lastKnownVersion);
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareDao.java
index 2845a1d04..8acca8f89 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareDao.java
@@ -75,7 +75,7 @@ public class XXGdsDataShareDao extends BaseDao<XXGdsDataShare> {
 if (serviceId != null) {
 try {
 ret = getEntityManager().createNamedQuery("XXGdsDataShare.findByServiceId", tClass)
- .setParameter("serviceId", serviceId).getResultList();
+ .setParameter("serviceId", serviceId).getResultList();
 } catch (NoResultException e) {
 LOG.debug("findByServiceId({}): ", serviceId, e);
 }
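Review bot: In GdsDBStore, the new `deleteAllGdsObjectsForSecurityZone` and `deleteAllGdsObjectsForServicesInSecurityZone` call `deleteDataShare(dataShare.getId(), true)` for every matching share and contain no permission check of their own in the visible lines, so they depend entirely on the caller having authorized the zone change. I would state that precondition on each method, for example `/** Deletes every data share in the zone; performs no authorization check, callers must have authorized the zone update/delete. */`, and say what the `true` argument selects, which is presumably a forced delete but is not shown in this hunk. The same log-then-delete lambda now appears three times (also in `deleteAllGdsObjectsForService`); a private helper taking the `List<XXGdsDataShare>` would keep the three paths from drifting apart.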
@@ -84,16 +84,31 @@ public class XXGdsDataShareDao extends BaseDao<XXGdsDataShare> {
 return ret != null ? ret : Collections.emptyList();
 }
+ public List<XXGdsDataShare> findByZoneId(Long zoneId) {
+ List<XXGdsDataShare> ret = null;
+
+ if (zoneId != null) {
+ try {
+ ret = getEntityManager().createNamedQuery("XXGdsDataShare.findByZoneId", tClass)
+ .setParameter("zoneId", zoneId).getResultList();
+ } catch (NoResultException e) {
+ LOG.debug("findByZoneId({}): ", zoneId, e);
+ }
+ }
+
+ return ret != null ? ret : Collections.emptyList();
+ }
+
 public List<XXGdsDataShare> findByServiceIdAndZoneId(Long serviceId, Long zoneId) {
 List<XXGdsDataShare> ret = null;
- if (serviceId != null) {
+ if (serviceId != null && zoneId != null) {
 try {
 ret = getEntityManager().createNamedQuery("XXGdsDataShare.findByServiceIdAndZoneId", tClass)
- .setParameter("serviceId", serviceId)
- .setParameter("zoneId", zoneId).getResultList();
+ .setParameter("serviceId", serviceId)
+ .setParameter("zoneId", zoneId).getResultList();
 } catch (NoResultException e) {
- LOG.debug("findByServiceIdAndZoneId({}): ", serviceId, e);
+ LOG.debug("findByServiceIdAndZoneId({}, {}): ", serviceId, zoneId, e);
 }
 }
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index e7e0abbc8..f9fd4941e 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -54,7 +54,6 @@ import org.apache.ranger.admin.client.datatype.RESTResponse;
 import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
 import org.apache.ranger.authorization.utils.StringUtil;
 import org.apache.ranger.biz.AssetMgr;
-import org.apache.ranger.biz.GdsDBStore;
 import org.apache.ranger.biz.PolicyRefUpdater;
 import org.apache.ranger.biz.RangerPolicyAdmin;
 import org.apache.ranger.biz.RangerBizUtil;
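Review bot: In XXGdsDataShareDao.findByZoneId the `catch (NoResultException e)` can never run, because `getResultList()` returns an empty list when nothing matches and only `getSingleResult()` throws that exception; the older finders in this file carry the same dead branch. The method could shrink to `if (zoneId == null) { return Collections.emptyList(); }` followed by returning the query result directly. Separately, `findByServiceIdAndZoneId` now returns an empty list for a null `zoneId` without logging anything, and the delete paths added to GdsDBStore in this commit are built on these finders, so a debug line for the skipped lookup would make a missed cleanup easier to trace.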
@@ -240,9 +239,6 @@ public class ServiceREST {
 @Autowired
 TagDBStore tagStore;
- @Autowired
- GdsDBStore gdsStore;
-
 @Autowired
 RangerTransactionSynchronizationAdapter rangerTransactionSynchronizationAdapter;
@@ -4649,7 +4645,6 @@ public class ServiceREST {
 }
 tagStore.deleteAllTagObjectsForService(service.getName());
- gdsStore.deleteAllGdsObjectsForService(id);
 deletedServiceName = service.getName();
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
index 940bd0bc6..25567c727 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
@@ -33,6 +33,7 @@ import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
 import org.apache.ranger.authorization.utils.StringUtil;
+import org.apache.ranger.biz.GdsDBStore;
 import org.apache.ranger.biz.ServiceDBStore;
 import org.apache.ranger.common.AppConstants;
 import org.apache.ranger.common.view.VTrxLogAttr;
@@ -65,6 +66,9 @@ public class RangerSecurityZoneServiceService extends RangerSecurityZoneServiceB
 @Autowired
 ServiceDBStore serviceDBStore;
+ @Autowired
+ GdsDBStore gdsStore;
+
 boolean compressJsonData = false;
 private static final Logger logger = LoggerFactory.getLogger(RangerSecurityZoneServiceService.class);
@@ -227,6 +231,8 @@ public class RangerSecurityZoneServiceService extends RangerSecurityZoneServiceB
 serviceDBStore.deleteZonePolicies(deletedTagServiceNames, ret.getId());
+ gdsStore.deleteAllGdsObjectsForServicesInSecurityZone(deletedServiceNames, ret.getId());
+
 oldServiceNames.addAll(updatedServiceNames);
 updateServiceInfos(oldServiceNames);
 } catch (Exception exception) {
@@ -249,6 +255,7 @@ public class RangerSecurityZoneServiceService extends RangerSecurityZoneServiceB
 try {
 serviceDBStore.deleteZonePolicies(allServiceNames, id);
+ gdsStore.deleteAllGdsObjectsForSecurityZone(id);
 updateServiceInfos(allServiceNames);
 } catch (Exception exception) {
 logger.error("preDelete processing failed for security-zone:[" + viewObject + "]", exception);
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
index 74a3caa13..3acbfd55d 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
@@ -26,6 +26,7 @@ import java.util.Map;
 import java.util.Map.Entry;
 import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.biz.GdsDBStore;
 import org.apache.ranger.biz.ServiceDBStore;
 import org.apache.ranger.common.AppConstants;
 import org.apache.ranger.common.JSONUtil;
@@ -54,6 +55,9 @@ public class RangerServiceService extends RangerServiceServiceBase<XXService, Ra
 @Autowired
 JSONUtil jsonUtil;
+ @Autowired
+ GdsDBStore gdsStore;
+
 private String hiddenPasswordString;
 static HashMap<String, VTrxLogAttr> trxLogAttrs = new HashMap<String, VTrxLogAttr>();
@@ -357,6 +361,12 @@ public class RangerServiceService extends RangerServiceServiceBase<XXService, Ra
 XXService ret = super.preDelete(id);
 if (ret != null) {
+ try {
+ gdsStore.deleteAllGdsObjectsForService(id);
+ } catch (Exception excp) {
+ LOG.error("Error deleting GDS objects for service(id={})", id, excp);
+ }
+
 XXServiceVersionInfoDao serviceVersionInfoDao = daoMgr.getXXServiceVersionInfo();
 XXServiceVersionInfo serviceVersionInfo = serviceVersionInfoDao.findByServiceId(id);
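Review bot: In RangerServiceService.preDelete the added `catch (Exception excp)` only logs, so a failure in `gdsStore.deleteAllGdsObjectsForService(id)` no longer stops the service delete, whereas the call this commit removes from ServiceREST had no catch of its own in the visible context. The service can then be removed while its data shares remain, leaving sharing objects that refer to a service that no longer exists. Unless best-effort cleanup is intended, drop the try/catch or add `throw excp;` after the `LOG.error(...)` line. If the delete runs inside a managed transaction, a swallowed runtime exception may also already have marked it for rollback, which is worth confirming; the rest of preDelete lies outside the hunk.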
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index ae6788bac..52ecf8a3e 100755
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -2212,6 +2212,10 @@
 <query>select obj from XXGdsDataShare obj where obj.serviceId = :serviceId</query>
 </named-query>
+ <named-query name="XXGdsDataShare.findByZoneId">
+ <query>select obj from XXGdsDataShare obj where obj.zoneId = :zoneId</query>
+ </named-query>
+
 <named-query name="XXGdsDataShare.findByServiceIdAndZoneId">
 <query>select obj from XXGdsDataShare obj where obj.serviceId = :serviceId and obj.zoneId = :zoneId</query>
 </named-query>
