This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 0c9bb81f6 RANGER-5113: API to delete multiple policies including
policy name prefix filter
0c9bb81f6 is described below
commit 0c9bb81f6a476e7ed234084efb4ca0860fbc5524
Author: Guru Thejus Arveti <theju...@gmail.com>
AuthorDate: Fri Mar 7 09:55:41 2025 +0530
RANGER-5113: API to delete multiple policies including policy name prefix
filter
Signed-off-by: Madhan Neethiraj <mad...@apache.org>
---
.../ranger/plugin/store/AbstractPredicateUtil.java | 31 +++
.../apache/ranger/plugin/util/SearchFilter.java | 1 +
.../java/org/apache/ranger/biz/ServiceDBStore.java | 43 ++++
.../org/apache/ranger/common/RangerSearchUtil.java | 1 +
.../java/org/apache/ranger/rest/PublicAPIsv2.java | 20 ++
.../java/org/apache/ranger/rest/ServiceREST.java | 115 +++++++++++
.../org/apache/ranger/biz/TestServiceDBStore.java | 229 +++++++++++++++++++++
7 files changed, 440 insertions(+)
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
index b4d549df7..de4ef7d40 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
@@ -190,6 +190,7 @@ public void addPredicates(SearchFilter filter,
List<Predicate> predicates) {
addPredicateForPolicyPriority(filter.getParam(SearchFilter.POLICY_PRIORITY),
predicates);
addPredicateForPartialPolicyLabels(filter.getParam(SearchFilter.POLICY_LABELS_PARTIAL),
predicates);
addPredicateForZoneName(filter.getParam(SearchFilter.ZONE_NAME),
predicates);
+
addPredicateForPrefixPolicyName(filter.getParam(SearchFilter.POLICY_NAME_PREFIX),
predicates);
// addPredicateForZoneId(filter.getParam(SearchFilter.ZONE_ID),
predicates); // not supported
}
@@ -355,6 +356,36 @@ private Predicate addPredicateForPolicyName(final String
policyName, List<Predic
return ret;
}
+ private Predicate addPredicateForPrefixPolicyName(final String
policyNamePrefix, List<Predicate> predicates) {
+ if (StringUtils.isEmpty(policyNamePrefix)) {
+ return null;
+ }
+
+ Predicate ret = object -> {
+ if (object == null) {
+ return false;
+ }
+
+ boolean ret1;
+
+ if (object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy) object;
+
+ ret1 = StringUtils.startsWithIgnoreCase(policy.getName(),
policyNamePrefix);
+ } else {
+ ret1 = true;
+ }
+
+ return ret1;
+ };
+
+ if (predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
private Predicate addPredicateForPartialPolicyName(final String
policyName, List<Predicate> predicates) {
if (StringUtils.isEmpty(policyName)) {
return null;
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
index 5a5556a2f..717b94c67 100755
---
a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
@@ -72,6 +72,7 @@ public class SearchFilter {
public static final String USER_NAME_PARTIAL = "userNamePartial";
// search
public static final String SERVICE_NAME_PREFIX = "serviceNamePrefix";
// search
public static final String ZONE_NAME_PREFIX = "zoneNamePrefix";
// search
+ public static final String POLICY_NAME_PREFIX = "policyNamePrefix";
public static final String TAG_DEF_ID = "tagDefId";
// search
public static final String TAG_DEF_GUID = "tagDefGuid";
// search
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 7beef34c7..089f06c37 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -200,6 +200,7 @@
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
+import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.HashMap;
@@ -1956,6 +1957,48 @@ public List<RangerPolicy>
getPoliciesWithMetaAttributes(List<RangerPolicy> polic
return policiesList;
}
+ public void deletePolicies(Set<RangerPolicy> policies, String serviceName,
List<Long> deletedPolicyIds) throws Exception {
+ LOG.debug("==> ServiceDBStore.deletePolicies()");
+
+ if (policies == null) {
+ policies = Collections.emptySet();
+ }
+
+ RangerService service = getServiceByName(serviceName);
+
+ if (service == null) {
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST,
serviceName + ": service does not exist", true);
+ }
+
+ boolean isBulkMode = RangerBizUtil.isBulkMode();
+
+ if (!isBulkMode) {
+ RangerBizUtil.setBulkMode(true);
+ }
+
+ try {
+ for (RangerPolicy policy : policies) {
+ deletePolicy(policy, service);
+
+ deletedPolicyIds.add(policy.getId());
+
+ // it's a bulk policy delete call flush and clear
+ if (deletedPolicyIds.size() % RangerBizUtil.POLICY_BATCH_SIZE
== 0) {
+ bizUtil.bulkModeOnlyFlushAndClear();
+ }
+ }
+ } finally {
+ // Flush and Clear remaining
+ bizUtil.bulkModeOnlyFlushAndClear();
+
+ if (!isBulkMode) {
+ RangerBizUtil.setBulkMode(false);
+ }
+ }
+
+ LOG.debug("<== ServiceDBStore.deletePolicies(policyCount={}):
deletedCount={}", policies.size(), deletedPolicyIds.size());
+ }
+
@PostConstruct
public void initStore() {
LOG.debug("==> ServiceDBStore.initStore()");
diff --git
a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
index 6833048e6..a76c2b5a3 100755
---
a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
+++
b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
@@ -113,6 +113,7 @@ public SearchFilter getSearchFilter(@Nonnull
HttpServletRequest request, List<So
ret.setParam(SearchFilter.TAG_ID,
request.getParameter(SearchFilter.TAG_ID));
ret.setParam(SearchFilter.CREATED_BY,
request.getParameter(SearchFilter.CREATED_BY));
ret.setParam(SearchFilter.APPROVER,
request.getParameter(SearchFilter.APPROVER));
+ ret.setParam(SearchFilter.POLICY_NAME_PREFIX,
request.getParameter(SearchFilter.POLICY_NAME_PREFIX));
ret.setParam(SearchFilter.SHARE_STATUS,
request.getParameter(SearchFilter.SHARE_STATUS));
for (Map.Entry<String, String[]> e :
request.getParameterMap().entrySet()) {
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
index 7b1eb7fe7..e580eb7c3 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
@@ -67,6 +67,7 @@
import javax.ws.rs.core.Context;
import java.util.Collection;
+import java.util.Collections;
import java.util.List;
@Path("public/v2")
@@ -686,6 +687,25 @@ public void deletePolicyByName(@QueryParam("servicename")
String serviceName, @Q
logger.debug("<== PublicAPIsv2.deletePolicyByName({}, {})",
serviceName, policyName);
}
+ @DELETE
+ @Path("/api/policies/bulk")
+ @Produces("application/json")
+ public List<Long> deletePolicies(@Context HttpServletRequest request,
@QueryParam("serviceName") String serviceName) {
+ logger.debug("==> PublicAPIsv2.deletePolicies()");
+
+ if (StringUtils.isBlank(serviceName)) {
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, "Invalid
service name", true);
+ }
+
+ List<Long> ret = serviceREST.deleteBulkPolicies(serviceName, request);
+
+ Collections.sort(ret);
+
+ logger.debug("<== PublicAPIsv2.deletePolicies()");
+
+ return ret;
+ }
+
@DELETE
@Path("/api/policy/guid/{guid}")
public void deletePolicyByGUIDAndServiceNameAndZoneName(@PathParam("guid")
String guid, @DefaultValue("") @QueryParam("serviceName") String serviceName,
@DefaultValue("") @QueryParam("zoneName") String zoneName) {
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index f7c521111..1208cf3db 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -3089,6 +3089,30 @@ public List<RangerPurgeResult>
purgeRecords(@QueryParam("type") String recordTyp
return ret;
}
+ public List<Long> deleteBulkPolicies(String serviceName,
HttpServletRequest request) {
+ LOG.debug("==> ServiceREST.deleteBulkPolicies({})", serviceName);
+
+ Set<RangerPolicy> policies = new
HashSet<>(getBulkPolicies(serviceName, request));
+
+ ensureAdminAccessForServicePolicies(serviceName, policies);
+
+ List<Long> ret = new ArrayList<>();
+
+ try {
+ svcStore.deletePolicies(policies, serviceName, ret);
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("deleteBulkPolicies(): failed after deleting {} of {}
policies", ret.size(), policies.size(), excp);
+
+ throw restErrorUtil.createRESTException("Failed after deleting " +
ret.size() + " of " + policies.size() + " policies. Error " + excp);
+ }
+
+ LOG.debug("<== ServiceREST.deleteBulkPolicies(): count={}",
ret.size());
+
+ return ret;
+ }
+
public RangerPolicyResource getPolicyResource(Object resourceName,
GrantRevokeRequest grantRequest) {
RangerPolicyResource ret;
@@ -3177,6 +3201,46 @@ void ensureAdminAndAuditAccess(RangerPolicy policy) {
ensureAdminAndAuditAccess(policy, new HashMap<>());
}
+ void ensureAdminAccessForPolicies(Set<RangerPolicy> policies, XXService
xxService, String serviceName) {
+ LOG.debug("==> ServiceREST.ensureAdminAccessForPolicies({})",
serviceName);
+
+ boolean isAdmin = bizUtil.isAdmin();
+ boolean isKeyAdmin = bizUtil.isKeyAdmin();
+ String userName = bizUtil.getCurrentUserLoginId();
+
+ XXServiceDef xServiceDef =
daoManager.getXXServiceDef().getById(xxService.getType());
+ Set<String> userGroups = userMgr.getGroupsForUser(userName);
+ RangerPolicyAdmin policyAdmin =
getPolicyAdminForDelegatedAdmin(serviceName);
+ Set<String> roles =
policyAdmin.getRolesFromUserAndGroups(userName, userGroups);
+ Map<String, Object> evalContext = new HashMap<>();
+ boolean isKmsService =
EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(xServiceDef.getImplclassname());
+
+ RangerAccessRequestUtil.setCurrentUserInContext(evalContext, userName);
+
+ Map<String, Boolean> serviceToIsAdminUserMap = new HashMap<>();
+ Map<String, Boolean> zoneToIsAdminMap = new HashMap<>();
+
+ policies.forEach(policy -> {
+ boolean isServiceAdminUser =
serviceToIsAdminUserMap.computeIfAbsent(policy.getService(), svcName ->
svcStore.isServiceAdminUser(svcName, userName));
+ boolean isZoneAdmin =
!StringUtils.isEmpty(policy.getZoneName()) &&
zoneToIsAdminMap.computeIfAbsent(policy.getZoneName(), serviceMgr::isZoneAdmin);
+ boolean isSvcAdmin = isAdmin || isServiceAdminUser ||
isZoneAdmin;
+
+ if (!isAdmin && !isKeyAdmin && !isSvcAdmin) {
+ boolean isAllowed =
policyAdmin.isDelegatedAdminAccessAllowedForModify(policy, userName,
userGroups, roles, evalContext);
+
+ if (!isAllowed) {
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User '" +
userName + "' does not have delegated-admin privilege for policy id=" +
policy.getId(), true);
+ }
+ } else {
+ if ((isAdmin && isKmsService) || (isKeyAdmin &&
!isKmsService)) {
+ throw
restErrorUtil.createRESTException(xServiceDef.getName() + " policies are not
accessible for user '" + userName + "'.", MessageEnums.OPER_NO_PERMISSION);
+ }
+ }
+ });
+
+ LOG.debug("<== ServiceREST.ensureAdminAccessForPolicies({})",
serviceName);
+ }
+
void ensureAdminAndAuditAccess(RangerPolicy policy, Map<String, String>
mapServiceTypeAndImplClass) {
boolean isAdmin = bizUtil.isAdmin();
boolean isKeyAdmin = bizUtil.isKeyAdmin();
@@ -4362,6 +4426,57 @@ private String getRangerAdminZoneName(String
serviceName, GrantRevokeRequest gra
return ret;
}
+ private List<RangerPolicy> getBulkPolicies(String serviceName,
HttpServletRequest request) {
+ LOG.debug("==> ServiceREST.getBulkPolicies({})", serviceName);
+
+ List<RangerPolicy> ret;
+ RangerPerfTracer perf = null;
+
+ try {
+ if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
+ perf = RangerPerfTracer.getPerfTracer(PERF_LOG,
"ServiceREST.getBulkPolicies()");
+ }
+
+ SearchFilter filter = searchUtil.getSearchFilter(request,
policyService.sortFields);
+
+ filter.setStartIndex(0);
+ filter.setMaxRows(Integer.MAX_VALUE);
+ filter.setParam(SearchFilter.SERVICE_NAME, serviceName);
+
+ ret = svcStore.getPolicies(filter);
+
+ ret = applyAdminAccessFilter(ret);
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("getBulkPolicies() failed", excp);
+
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ } finally {
+ RangerPerfTracer.log(perf);
+ }
+
+ LOG.debug("<== ServiceREST.getBulkPolicies({}): count={}",
serviceName, ret.size());
+
+ return ret;
+ }
+
+ private void ensureAdminAccessForServicePolicies(String serviceName,
Set<RangerPolicy> policies) {
+ LOG.debug("==> ServiceREST.ensureAdminAccessForServicePolicies({})",
serviceName);
+
+ if (!policies.isEmpty()) {
+ XXService xxService =
daoManager.getXXService().findByName(serviceName);
+
+ if (xxService == null) {
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST,
serviceName + ": service does not exist", true);
+ }
+
+ ensureAdminAccessForPolicies(policies, xxService, serviceName);
+ }
+
+ LOG.debug("<== ServiceREST.ensureAdminAccessForServicePolicies({})",
serviceName);
+ }
+
private RangerPolicy createPolicyUnconditionally(RangerPolicy policy)
throws Exception {
LOG.debug("==> ServiceREST.createPolicyUnconditionally({})", policy);
diff --git
a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
index 7747e327a..75ddaf151 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
@@ -130,6 +130,7 @@
import org.mockito.junit.MockitoJUnitRunner;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
@@ -1517,6 +1518,234 @@ public void tess28updatePolicy() throws Exception {
Assert.assertEquals(dbRangerPolicy.getVersion(),
rangerPolicy.getVersion());
}
+ @Test
+ public void test29deletePolicies() throws Exception {
+ setup();
+ XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class);
+ XXService xService = Mockito.mock(XXService.class);
+ XXPolicyLabelMapDao xPolicyLabelMapDao =
Mockito.mock(XXPolicyLabelMapDao.class);
+
+ RangerService rangerService = rangerService();
+ RangerPolicy rangerPolicy1 = rangerPolicy();
+ RangerPolicy rangerPolicy2 = rangerPolicy();
+ rangerPolicy2.setName("HDFS_1-2-20150316062453");
+ rangerPolicy2.setId(Id + 1L);
+ rangerPolicy2.setGuid("policyguid2");
+ String name = "HDFS_1-1-20150316062453";
+
+ List<XXPolicyItem> policyItemList = new ArrayList<XXPolicyItem>();
+ XXPolicyItem policyItem1 = new XXPolicyItem();
+ policyItem1.setAddedByUserId(Id);
+ policyItem1.setCreateTime(new Date());
+ policyItem1.setDelegateAdmin(false);
+ policyItem1.setId(Id);
+ policyItem1.setOrder(1);
+ policyItem1.setPolicyId(Id);
+ policyItem1.setUpdatedByUserId(Id);
+ policyItem1.setUpdateTime(new Date());
+ policyItemList.add(policyItem1);
+
+ XXPolicyItem policyItem2 = new XXPolicyItem();
+ policyItem2.setAddedByUserId(Id);
+ policyItem2.setCreateTime(new Date());
+ policyItem2.setDelegateAdmin(false);
+ policyItem2.setId(Id + 1L);
+ policyItem2.setOrder(2);
+ policyItem2.setPolicyId(Id + 1L);
+ policyItem2.setUpdatedByUserId(Id);
+ policyItem2.setUpdateTime(new Date());
+ policyItemList.add(policyItem2);
+
+ List<XXPolicyItemCondition> policyItemConditionList = new
ArrayList<XXPolicyItemCondition>();
+ XXPolicyItemCondition policyItemCondition1 = new
XXPolicyItemCondition();
+ policyItemCondition1.setAddedByUserId(Id);
+ policyItemCondition1.setCreateTime(new Date());
+ policyItemCondition1.setType(1L);
+ policyItemCondition1.setId(Id);
+ policyItemCondition1.setOrder(1);
+ policyItemCondition1.setPolicyItemId(Id);
+ policyItemCondition1.setUpdatedByUserId(Id);
+ policyItemCondition1.setUpdateTime(new Date());
+ policyItemConditionList.add(policyItemCondition1);
+
+ XXPolicyItemCondition policyItemCondition2 = new
XXPolicyItemCondition();
+ policyItemCondition2.setAddedByUserId(Id);
+ policyItemCondition2.setCreateTime(new Date());
+ policyItemCondition2.setType(1L);
+ policyItemCondition2.setId(Id + 1L);
+ policyItemCondition2.setOrder(2);
+ policyItemCondition2.setPolicyItemId(Id + 1L);
+ policyItemCondition2.setUpdatedByUserId(Id);
+ policyItemCondition2.setUpdateTime(new Date());
+ policyItemConditionList.add(policyItemCondition2);
+
+ List<XXPolicyItemGroupPerm> policyItemGroupPermList = new
ArrayList<XXPolicyItemGroupPerm>();
+ XXPolicyItemGroupPerm policyItemGroupPerm1 = new
XXPolicyItemGroupPerm();
+ policyItemGroupPerm1.setAddedByUserId(Id);
+ policyItemGroupPerm1.setCreateTime(new Date());
+ policyItemGroupPerm1.setGroupId(Id);
+
+ XXPolicyItemGroupPerm policyItemGroupPerm2 = new
XXPolicyItemGroupPerm();
+ policyItemGroupPerm2.setAddedByUserId(Id);
+ policyItemGroupPerm2.setCreateTime(new Date());
+ policyItemGroupPerm2.setGroupId(Id);
+
+ List<XXServiceConfigMap> xConfMapList = new
ArrayList<XXServiceConfigMap>();
+ XXServiceConfigMap xConfMap1 = new XXServiceConfigMap();
+ xConfMap1.setAddedByUserId(null);
+ xConfMap1.setConfigkey(name);
+ xConfMap1.setConfigvalue(name);
+ xConfMap1.setCreateTime(new Date());
+ xConfMap1.setServiceId(null);
+ xConfMap1.setId(Id);
+ xConfMap1.setUpdatedByUserId(null);
+ xConfMap1.setUpdateTime(new Date());
+ xConfMapList.add(xConfMap1);
+
+ XXServiceConfigMap xConfMap2 = new XXServiceConfigMap();
+ xConfMap2.setAddedByUserId(null);
+ xConfMap2.setConfigkey(name);
+ xConfMap2.setConfigvalue(name);
+ xConfMap2.setCreateTime(new Date());
+ xConfMap2.setServiceId(null);
+ xConfMap2.setId(Id + 1L);
+ xConfMap2.setUpdatedByUserId(null);
+ xConfMap2.setUpdateTime(new Date());
+ xConfMapList.add(xConfMap2);
+
+ policyItemGroupPerm1.setId(Id);
+ policyItemGroupPerm1.setOrder(1);
+ policyItemGroupPerm1.setPolicyItemId(Id);
+ policyItemGroupPerm1.setUpdatedByUserId(Id);
+ policyItemGroupPerm1.setUpdateTime(new Date());
+ policyItemGroupPermList.add(policyItemGroupPerm1);
+
+ policyItemGroupPerm2.setId(Id + 1L);
+ policyItemGroupPerm2.setOrder(2);
+ policyItemGroupPerm2.setPolicyItemId(Id + 1L);
+ policyItemGroupPerm2.setUpdatedByUserId(Id);
+ policyItemGroupPerm2.setUpdateTime(new Date());
+ policyItemGroupPermList.add(policyItemGroupPerm2);
+
+ List<XXPolicyItemUserPerm> policyItemUserPermList = new
ArrayList<XXPolicyItemUserPerm>();
+ XXPolicyItemUserPerm policyItemUserPerm1 = new XXPolicyItemUserPerm();
+ policyItemUserPerm1.setAddedByUserId(Id);
+ policyItemUserPerm1.setCreateTime(new Date());
+ policyItemUserPerm1.setPolicyItemId(Id);
+ policyItemUserPerm1.setId(Id);
+ policyItemUserPerm1.setOrder(1);
+ policyItemUserPerm1.setUpdatedByUserId(Id);
+ policyItemUserPerm1.setUpdateTime(new Date());
+ policyItemUserPermList.add(policyItemUserPerm1);
+
+ XXPolicyItemUserPerm policyItemUserPerm2 = new XXPolicyItemUserPerm();
+ policyItemUserPerm2.setAddedByUserId(Id);
+ policyItemUserPerm2.setCreateTime(new Date());
+ policyItemUserPerm2.setPolicyItemId(Id + 1L);
+ policyItemUserPerm2.setId(Id + 1L);
+ policyItemUserPerm2.setOrder(2);
+ policyItemUserPerm2.setUpdatedByUserId(Id);
+ policyItemUserPerm2.setUpdateTime(new Date());
+ policyItemUserPermList.add(policyItemUserPerm2);
+
+ List<XXPolicyItemAccess> policyItemAccessList = new
ArrayList<XXPolicyItemAccess>();
+ XXPolicyItemAccess policyItemAccess1 = new XXPolicyItemAccess();
+ policyItemAccess1.setAddedByUserId(Id);
+ policyItemAccess1.setCreateTime(new Date());
+ policyItemAccess1.setPolicyitemid(Id);
+ policyItemAccess1.setId(Id);
+ policyItemAccess1.setOrder(1);
+ policyItemAccess1.setUpdatedByUserId(Id);
+ policyItemAccess1.setUpdateTime(new Date());
+ policyItemAccessList.add(policyItemAccess1);
+
+ XXPolicyItemAccess policyItemAccess2 = new XXPolicyItemAccess();
+ policyItemAccess2.setAddedByUserId(Id);
+ policyItemAccess2.setCreateTime(new Date());
+ policyItemAccess2.setPolicyitemid(Id + 1L);
+ policyItemAccess2.setId(Id + 1L);
+ policyItemAccess2.setOrder(2);
+ policyItemAccess2.setUpdatedByUserId(Id);
+ policyItemAccess2.setUpdateTime(new Date());
+ policyItemAccessList.add(policyItemAccess2);
+
+ List<XXPolicyResource> policyResourceList = new
ArrayList<XXPolicyResource>();
+ XXPolicyResource policyResource1 = new XXPolicyResource();
+ policyResource1.setId(Id);
+ policyResource1.setCreateTime(new Date());
+ policyResource1.setAddedByUserId(Id);
+ policyResource1.setIsExcludes(false);
+ policyResource1.setIsRecursive(false);
+ policyResource1.setPolicyId(Id);
+ policyResource1.setResDefId(Id);
+ policyResource1.setUpdatedByUserId(Id);
+ policyResource1.setUpdateTime(new Date());
+ policyResourceList.add(policyResource1);
+
+ XXPolicyResource policyResource2 = new XXPolicyResource();
+ policyResource2.setId(Id + 1L);
+ policyResource2.setCreateTime(new Date());
+ policyResource2.setAddedByUserId(Id);
+ policyResource2.setIsExcludes(false);
+ policyResource2.setIsRecursive(false);
+ policyResource2.setPolicyId(Id + 1L);
+ policyResource2.setResDefId(Id);
+ policyResource2.setUpdatedByUserId(Id);
+ policyResource2.setUpdateTime(new Date());
+ policyResourceList.add(policyResource2);
+
+ XXPolicyResourceMap policyResourceMap1 = new XXPolicyResourceMap();
+ policyResourceMap1.setAddedByUserId(Id);
+ policyResourceMap1.setCreateTime(new Date());
+ policyResourceMap1.setId(Id);
+ policyResourceMap1.setOrder(1);
+ policyResourceMap1.setResourceId(Id);
+ policyResourceMap1.setUpdatedByUserId(Id);
+ policyResourceMap1.setUpdateTime(new Date());
+ policyResourceMap1.setValue("1L");
+
+ XXPolicyResourceMap policyResourceMap2 = new XXPolicyResourceMap();
+ policyResourceMap2.setAddedByUserId(Id);
+ policyResourceMap2.setCreateTime(new Date());
+ policyResourceMap2.setId(Id + 1L);
+ policyResourceMap2.setOrder(2);
+ policyResourceMap2.setResourceId(Id);
+ policyResourceMap2.setUpdatedByUserId(Id);
+ policyResourceMap2.setUpdateTime(new Date());
+ policyResourceMap2.setValue("2L");
+
+ List<XXServiceConfigDef> xServiceConfigDefList = new
ArrayList<XXServiceConfigDef>();
+ XXServiceConfigDef serviceConfigDefObj = new XXServiceConfigDef();
+ serviceConfigDefObj.setId(Id);
+ xServiceConfigDefList.add(serviceConfigDefObj);
+
+ Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
+ Mockito.when(xServiceDao.findByName(name)).thenReturn(xService);
+ Mockito.when(svcService.getPopulatedViewObject(xService)).thenReturn(
+ rangerService);
+
+ Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
+ Mockito.when(xServiceDao.getById(Id)).thenReturn(xService);
+
+ Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
+ Mockito.when(xServiceDao.getById(rangerService.getId())).thenReturn(
+ xService);
+
Mockito.when(daoManager.getXXPolicyLabelMap()).thenReturn(xPolicyLabelMapDao);
+
Mockito.when(xPolicyLabelMapDao.findByPolicyId(rangerPolicy1.getId())).thenReturn(ListUtils.EMPTY_LIST);
+
+
Mockito.when(daoManager.getXXPolicyLabelMap()).thenReturn(xPolicyLabelMapDao);
+
Mockito.when(xPolicyLabelMapDao.findByPolicyId(rangerPolicy2.getId())).thenReturn(ListUtils.EMPTY_LIST);
+
+ Mockito.when(!bizUtil.hasAccess(xService, null)).thenReturn(true);
+
Mockito.when(policyRefUpdater.cleanupRefTables(rangerPolicy1)).thenReturn(true);
+
Mockito.when(policyRefUpdater.cleanupRefTables(rangerPolicy2)).thenReturn(true);
+
+ serviceDBStore.deletePolicies(new
HashSet<>(Arrays.asList(rangerPolicy1, rangerPolicy2)), name, new
ArrayList<>());
+ Mockito.verify(policyService, Mockito.times(1)).delete(rangerPolicy1);
+ Mockito.verify(policyService, Mockito.times(1)).delete(rangerPolicy2);
+ Mockito.verify(bizUtil,
Mockito.atLeast(1)).bulkModeOnlyFlushAndClear();
+ }
+
@Test
public void tess29deletePolicy() throws Exception {
setup();
