http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java new file mode 100644 index 0000000..3aebe39 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java @@ -0,0 +1,3218 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.biz; + +import java.io.File; +import java.io.IOException; +import java.net.UnknownHostException; +import java.security.cert.X509Certificate; +import java.sql.Timestamp; +import java.util.ArrayList; +import java.util.Date; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Random; +import java.util.Set; +import java.util.concurrent.Callable; +import java.util.concurrent.TimeUnit; + +import javax.naming.InvalidNameException; +import javax.naming.ldap.LdapName; +import javax.naming.ldap.Rdn; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringUtils; +import org.apache.hadoop.hive.serde2.lazybinary.LazyBinaryUtils.VLong; +import org.apache.hive.com.esotericsoftware.minlog.Log; +import org.apache.log4j.Logger; +import org.apache.ranger.common.AppConstants; +import org.apache.ranger.common.ContextUtil; +import org.apache.ranger.common.DateUtil; +import org.apache.ranger.common.JSONUtil; +import org.apache.ranger.common.MessageEnums; +import org.apache.ranger.common.PropertiesUtil; +import org.apache.ranger.common.SearchCriteria; +import org.apache.ranger.common.StringUtil; +import org.apache.ranger.common.TimedEventUtil; +import org.apache.ranger.common.UserSessionBase; +import org.apache.ranger.common.XACommonEnums; +import org.apache.ranger.common.XAConstants; +import org.apache.ranger.db.XADaoManager; +import org.apache.ranger.entity.XXAsset; +import org.apache.ranger.entity.XXAuditMap; +import org.apache.ranger.entity.XXGroup; +import org.apache.ranger.entity.XXPermMap; +import org.apache.ranger.entity.XXPolicyExportAudit; +import org.apache.ranger.entity.XXPortalUser; +import org.apache.ranger.entity.XXPortalUserRole; +import org.apache.ranger.entity.XXResource; +import org.apache.ranger.entity.XXTrxLog; +import org.apache.ranger.entity.XXUser; +import org.apache.ranger.hadoop.client.HadoopFS; +import org.apache.ranger.hadoop.client.exceptions.HadoopException; +import org.apache.ranger.hbase.client.HBaseClient; +import org.apache.ranger.hive.client.HiveClient; +import org.apache.ranger.knox.client.KnoxClient; +import org.apache.ranger.service.XAccessAuditService; +import org.apache.ranger.service.XAuditMapService; +import org.apache.ranger.service.XGroupService; +import org.apache.ranger.service.XPermMapService; +import org.apache.ranger.service.XPolicyService; +import org.apache.ranger.service.XTrxLogService; +import org.apache.ranger.service.XUserService; +import org.apache.ranger.storm.client.StormClient; +import org.apache.ranger.util.RestUtil; +import org.apache.ranger.view.VXAccessAuditList; +import org.apache.ranger.view.VXAsset; +import org.apache.ranger.view.VXAuditMap; +import org.apache.ranger.view.VXAuditMapList; +import org.apache.ranger.view.VXLong; +import org.apache.ranger.view.VXMessage; +import org.apache.ranger.view.VXPermMap; +import org.apache.ranger.view.VXPermMapList; +import org.apache.ranger.view.VXPolicy; +import org.apache.ranger.view.VXPolicyExportAuditList; +import org.apache.ranger.view.VXResource; +import org.apache.ranger.view.VXResourceList; +import org.apache.ranger.view.VXResponse; +import org.apache.ranger.view.VXStringList; +import org.apache.ranger.view.VXTrxLog; +import org.apache.ranger.view.VXTrxLogList; +import org.apache.ranger.view.VXUser; +import org.codehaus.jackson.JsonGenerationException; +import org.codehaus.jackson.map.JsonMappingException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.stereotype.Component; +import org.springframework.transaction.PlatformTransactionManager; +import org.springframework.transaction.TransactionDefinition; +import org.springframework.transaction.TransactionStatus; +import org.springframework.transaction.support.TransactionCallback; +import org.springframework.transaction.support.TransactionTemplate; + +@Component +public class AssetMgr extends AssetMgrBase { + + + @Autowired + XPermMapService xPermMapService; + + @Autowired + XAuditMapService xAuditMapService; + + @Autowired + JSONUtil jsonUtil; + + @Autowired + AssetConnectionMgr assetConnectionMgr; + + @Autowired + XABizUtil msBizUtil; + + @Autowired + StringUtil stringUtil; + + @Autowired + XADaoManager xADaoManager; + + @Autowired + XUserService xUserService; + + @Autowired + XABizUtil xaBizUtil; + + @Autowired + XTrxLogService xTrxLogService; + + @Autowired + XAccessAuditService xAccessAuditService; + + @Autowired + XGroupService xGroupService; + + @Autowired + XUserMgr xUserMgr; + + @Autowired + @Qualifier(value = "transactionManager") + PlatformTransactionManager txManager; + + @Autowired + XPolicyService xPolicyService; + + static Logger logger = Logger.getLogger(AssetMgr.class); + + @Override + public VXResource createXResource(VXResource vXResource) { + UserSessionBase session = ContextUtil.getCurrentUserSession(); + if (session == null) { + logger.error("Trying to create/update policy without log-in."); + throw restErrorUtil.create403RESTException("Resource " + + "creation/updation not allowed"); + } + + Long assetId = vXResource.getAssetId(); + XXAsset xAsset = xADaoManager.getXXAsset().getById(assetId); + if (xAsset == null) { + logger.error("Repository not found for assetId : " + assetId); + throw restErrorUtil.create403RESTException("Repository for which" + + " the policy is created, doesn't exist."); + } + + if(xAsset.getActiveStatus()==XACommonEnums.ACT_STATUS_DISABLED){ + if(!session.isUserAdmin()){ + logger.error("Trying to create/update policy in disabled repository"); + throw restErrorUtil.createRESTException("Resource " + + "creation/updation not allowed in disabled repository",MessageEnums.OPER_NO_PERMISSION); + } + } + // Create resource path for HIVE/Hbase policy. + if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) { + createResourcePathForHive(vXResource); + } else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) { + createResourcePathForHbase(vXResource); + }else if (xAsset.getAssetType() == AppConstants.ASSET_KNOX) { + createResourcePathForKnox(vXResource); + }else if (xAsset.getAssetType() == AppConstants.ASSET_STORM) { + createResourcePathForStorm(vXResource); + } + + String resourceName = vXResource.getName(); + String[] orgResNameList = stringUtil.split(resourceName, ","); + List<String> newResNameList = new ArrayList<String>(); + for(String resName : orgResNameList) { + if(resName.length() > 1 && (resName.substring(resName.length()-1).equalsIgnoreCase("/"))) { + resName = resName.substring(0, resName.length()-1); + newResNameList.add(resName); + logger.info("Resource Name is not valid : " +resName + " Ignoring last /"); + } else { + newResNameList.add(resName); + } + } + String updResName = StringUtils.join(newResNameList, ","); + vXResource.setName(updResName); + + SearchCriteria searchCriteria=new SearchCriteria(); + searchCriteria.getParamList().put("assetId", vXResource.getAssetId()); + searchCriteria.getParamList().put("fullname", vXResource.getName()); + + if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) { + if(stringUtil.isEmpty(vXResource.getUdfs())) { + searchCriteria.addParam("tableType", vXResource.getTableType()); + searchCriteria.addParam("columnType", vXResource.getColumnType()); + } else { + searchCriteria.addParam("udfs", vXResource.getUdfs()); + } + } else if (xAsset.getAssetType() == AppConstants.ASSET_HDFS) { + searchCriteria.addParam("isRecursive", vXResource.getIsRecursive()); + } + + VXResourceList vXResourceList=xResourceService.searchXResources(searchCriteria); + if(vXResourceList!=null && vXResourceList.getListSize()>0){ + logger.error("policy already exist with resource "+vXResource.getName()); + throw restErrorUtil.createRESTException("policy already exist with resource " + +vXResource.getName(),MessageEnums.ERROR_DUPLICATE_OBJECT); + } + + VXResponse vXResponse = xaBizUtil.hasPermission(vXResource, + AppConstants.XA_PERM_TYPE_ADMIN); + if (vXResponse.getStatusCode() == VXResponse.STATUS_ERROR) { + throw restErrorUtil.createRESTException(vXResponse); + } + + if (vXResource.getCheckParentPermission() != XAConstants.BOOL_FALSE) { + // check parent access for user and group + xResourceService.checkAccess(vXResource); + } + vXResourceList=null; + if(vXResource.getPolicyName()!=null && !vXResource.getPolicyName().trim().isEmpty()){ + searchCriteria=new SearchCriteria(); + searchCriteria.getParamList().put("fullPolicyName", vXResource.getPolicyName()); + vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria); + //if policyname already exist then set null to generate from system + if(vXResourceList!=null && vXResourceList.getListSize()>0){ + logger.error("policy already exist with name "+vXResource.getPolicyName()); + //logger.info("A system generated policy name shall be assigned to "+vXResource.getPolicyName()); + //vXResource.setPolicyName(null); + throw restErrorUtil.createRESTException("policy already exist with name " + +vXResource.getPolicyName(),MessageEnums.ERROR_DUPLICATE_OBJECT); + } + } + + int tempPoliciesCount=0; + String tempPolicyName=null; + vXResourceList=null; + if(vXResource.getPolicyName()==null ||vXResource.getPolicyName().trim().isEmpty()){ + searchCriteria=new SearchCriteria(); + searchCriteria.getParamList().put("assetId", vXResource.getAssetId()); + vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria); + if(vXResourceList!=null && vXResourceList.getListSize()>0){ + tempPoliciesCount=vXResourceList.getListSize(); + } + vXResourceList=null; + while(true){ + tempPoliciesCount++; + tempPolicyName=xAsset.getName()+"-"+tempPoliciesCount+"-"+DateUtil.dateToString(DateUtil.getUTCDate(),"yyyyMMddHHmmss"); + vXResource.setPolicyName(tempPolicyName); + searchCriteria=new SearchCriteria(); + searchCriteria.getParamList().put("policyName", vXResource.getPolicyName()); + vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria); + //if policy name not exist then list will be empty and generated policyname will valid + if(vXResourceList==null|| vXResourceList.getListSize()==0){ + break; + } + } + } + + + vXResource = xResourceService.createResource(vXResource); + + List<VXPermMap> permMapList = vXResource.getPermMapList(); + List<VXAuditMap> auditMapList = vXResource.getAuditList(); + + List<XXTrxLog> trxLogList = xResourceService.getTransactionLog( + vXResource, "create"); + for (VXPermMap vXPermMap : permMapList) { + trxLogList.addAll(xPermMapService.getTransactionLog(vXPermMap, + "create")); + } + for (VXAuditMap vXAuditMap : auditMapList) { + trxLogList.addAll(xAuditMapService.getTransactionLog(vXAuditMap, + "create")); + } + + xaBizUtil.createTrxLog(trxLogList); + + return vXResource; + } + + @Override + public VXResource updateXResource(VXResource vXResource) { + + UserSessionBase currentUserSession = ContextUtil + .getCurrentUserSession(); + if (currentUserSession == null) { + throw restErrorUtil.createRESTException("Resource updation not " + + "allowed",MessageEnums.OPER_NO_PERMISSION); + } + + Long assetId = vXResource.getAssetId(); + XXAsset xAsset = xADaoManager.getXXAsset().getById(assetId); + if (xAsset == null) { + throw restErrorUtil.createRESTException("The repository for which " + + "you're updating policy, doesn't exist.", + MessageEnums.INVALID_INPUT_DATA); + } + + if(xAsset.getActiveStatus()==XACommonEnums.STATUS_DISABLED){ + if(!currentUserSession.isUserAdmin()){ + logger.error("Trying to update policy in disabled repository"); + throw restErrorUtil.createRESTException("Resource " + + "updation not allowed in disabled repository",MessageEnums.OPER_NO_PERMISSION); + } + } + + if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) { + createResourcePathForHive(vXResource); + } else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) { + createResourcePathForHbase(vXResource); + }else if (xAsset.getAssetType() == AppConstants.ASSET_KNOX) { + createResourcePathForKnox(vXResource); + }else if (xAsset.getAssetType() == AppConstants.ASSET_STORM) { + createResourcePathForStorm(vXResource); + } + + SearchCriteria searchCriteria = new SearchCriteria(); + searchCriteria.getParamList().put("assetId", vXResource.getAssetId()); + searchCriteria.getParamList().put("fullname", vXResource.getName()); + + if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) { + if(stringUtil.isEmpty(vXResource.getUdfs())) { + searchCriteria.addParam("tableType", vXResource.getTableType()); + searchCriteria.addParam("columnType", vXResource.getColumnType()); + } else { + searchCriteria.addParam("udfs", vXResource.getUdfs()); + } + } else if (xAsset.getAssetType() == AppConstants.ASSET_HDFS) { + searchCriteria.addParam("isRecursive", vXResource.getIsRecursive()); + } + + VXResourceList vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria); + if(vXResourceList!=null && vXResourceList.getListSize()>0){ + if(vXResource!=null && vXResource.getId()!=null){ + for(VXResource vXResourceTemp :vXResourceList.getList()){ + if(vXResourceTemp!=null && !(vXResource.getId().equals(vXResourceTemp.getId()))){ + logger.error("policy already exists with name "+vXResource.getName()); + throw restErrorUtil.createRESTException("policy already exists with name " + +vXResource.getName(),MessageEnums.ERROR_DUPLICATE_OBJECT); + } + } + } + } + + VXResponse vXResponse = xaBizUtil.hasPermission(vXResource, + AppConstants.XA_PERM_TYPE_ADMIN); + if (vXResponse.getStatusCode() == VXResponse.STATUS_ERROR) { + throw restErrorUtil.createRESTException(vXResponse); + } + + if (vXResource.getCheckParentPermission() != XAConstants.BOOL_FALSE) { + // check parent access for user and group + xResourceService.checkAccess(vXResource); + } + + //policyName creation and validation logic start here + if(vXResource.getPolicyName()!=null && !vXResource.getPolicyName().trim().isEmpty()){ + searchCriteria=new SearchCriteria(); + searchCriteria.getParamList().put("fullPolicyName", vXResource.getPolicyName()); + vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria); + if(vXResourceList!=null && vXResourceList.getListSize()>0){ + if(vXResource!=null && vXResource.getId()!=null){ + for (VXResource newVXResource : vXResourceList.getList()) { + if(newVXResource!=null && newVXResource.getId()!=null){ + if(!vXResource.getId().equals(newVXResource.getId()) && vXResource.getPolicyName().trim().equalsIgnoreCase((newVXResource.getPolicyName()!=null?newVXResource.getPolicyName().trim():newVXResource.getPolicyName()))){ + logger.error("policy already exists with name "+vXResource.getPolicyName()); +// logger.info("A system generated policy name shall be assigned to "+vXResource.getPolicyName()); +// vXResource.setPolicyName(null); +// break; + throw restErrorUtil.createRESTException("policy already exists with name " + +vXResource.getPolicyName(),MessageEnums.ERROR_DUPLICATE_OBJECT); + } + } + } + } + } + } + + int tempPoliciesCount=0; + int totalPoliciesCount=1; + String tempPolicyName=null; + vXResourceList=null; + if(vXResource!=null && (vXResource.getPolicyName()==null ||vXResource.getPolicyName().trim().isEmpty())){ + searchCriteria=new SearchCriteria(); + searchCriteria.getParamList().put("assetId", vXResource.getAssetId()); + vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria); + if(vXResourceList!=null && vXResourceList.getListSize()>0){ + totalPoliciesCount=vXResourceList.getListSize(); + tempPoliciesCount++; + for(VXResource newVXResource : vXResourceList.getList()) { + if(newVXResource!=null && newVXResource.getId()!=null){ + if(vXResource.getId().equals(newVXResource.getId())){ + break; + } + } + tempPoliciesCount++; + } + tempPolicyName=xAsset.getName()+"-"+tempPoliciesCount+"-"+DateUtil.dateToString(DateUtil.getUTCDate(),"yyyyMMddHHmmss"); + vXResource.setPolicyName(tempPolicyName); + vXResourceList=null; + }else{ + tempPoliciesCount++; + tempPolicyName=xAsset.getName()+"-"+tempPoliciesCount+"-"+DateUtil.dateToString(DateUtil.getUTCDate(),"yyyyMMddHHmmss"); + vXResource.setPolicyName(tempPolicyName); + } + while(true){ + searchCriteria=new SearchCriteria(); + searchCriteria.getParamList().put("policyName", vXResource.getPolicyName()); + vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria); + if(vXResourceList==null || vXResourceList.getListSize()==0){ + break; + }else{ + tempPolicyName=xAsset.getName()+"-"+totalPoliciesCount+"-"+DateUtil.dateToString(DateUtil.getUTCDate(),"yyyyMMddHHmmss"); + vXResource.setPolicyName(tempPolicyName); + } + } + + } + + //policyName creation and validation logic end here + + XXResource xResouce = xADaoManager.getXXResource().getById( + vXResource.getId()); + + List<XXTrxLog> trxLogList = xResourceService.getTransactionLog( + vXResource, xResouce, "update"); + + VXResource resource = super.updateXResource(vXResource); + + List<VXPermMap> newPermMapList = vXResource.getPermMapList(); + searchCriteria = new SearchCriteria(); + searchCriteria.addParam("resourceId", vXResource.getId()); + VXPermMapList prevPermMaps = xPermMapService + .searchXPermMaps(searchCriteria); + List<VXPermMap> prevPermMapList = new ArrayList<VXPermMap>(); + if (prevPermMaps != null) { + prevPermMapList = prevPermMaps.getVXPermMaps(); + } + + List<VXPermMap> permMaps = new ArrayList<VXPermMap>(); + List<VXAuditMap> auditMaps = new ArrayList<VXAuditMap>(); + + List<VXPermMap> permMapsToDelete = new ArrayList<VXPermMap>(); + List<VXAuditMap> auditMapsToDelete = new ArrayList<VXAuditMap>(); + + // Create and update permissions + if (newPermMapList != null) { + for (VXPermMap newObj : newPermMapList) { + if (newObj.getUserId() == null && newObj.getGroupId() == null + && !stringUtil.isEmpty(newObj.getUserName())) { + XXUser xxUser = xADaoManager.getXXUser().findByUserName( + newObj.getUserName()); + if (xxUser != null) { + newObj.setUserId(xxUser.getId()); + } else { + VXUser vxUser = new VXUser(); + vxUser.setName(newObj.getUserName()); + vxUser.setDescription(newObj.getUserName()); + vxUser = xUserService.createResource(vxUser); + newObj.setUserId(vxUser.getId()); + } + } + newObj.setResourceId(resource.getId()); + if (newObj.getId() != null) { + /** + * Considering the new objects won't have id however the + * existing ones will have id. + */ + for (VXPermMap oldObj : prevPermMapList) { + if (oldObj.getId().equals(newObj.getId())) { + if (oldObj.getPermType() != newObj.getPermType()) { + // This should never be the case because we're + // not supporting perm map update. + // doNothing... + logger.error( + "Invalid use case: shouldn't be happening, need to debug.", + new IllegalStateException()); + break; + } else { + xPermMapService.updateResource(newObj); + trxLogList.addAll(xPermMapService + .getTransactionLog(newObj, oldObj, + "update")); + } + } + } + // newObj = xPermMapService.updateResource(newObj); + } else { + newObj = xPermMapService.createResource(newObj); + trxLogList.addAll(xPermMapService.getTransactionLog(newObj, + "create")); + } + permMaps.add(newObj); + } + } + + // Delete old removed permissions + if (prevPermMapList != null) { + for (VXPermMap oldObj : prevPermMapList) { + boolean found = false; + if (newPermMapList != null) { + for (VXPermMap newObj : newPermMapList) { + if (newObj.getId() != null + && newObj.getId().equals(oldObj.getId())) { + found = true; + break; + } + } + } + if (!found) { + trxLogList.addAll(xPermMapService.getTransactionLog(oldObj, + "delete")); + permMapsToDelete.add(oldObj); + // xPermMapService.deleteResource(oldObj.getId()); + } + } + } + + List<VXAuditMap> newAuditMapList = vXResource.getAuditList(); + VXAuditMapList vXAuditMaps = xAuditMapService + .searchXAuditMaps(searchCriteria); + List<VXAuditMap> prevAuditMapList = new ArrayList<VXAuditMap>(); + if (vXAuditMaps != null && vXAuditMaps.getResultSize() != 0) { + prevAuditMapList = vXAuditMaps.getList(); + } + + // Create and update permissions + if (newAuditMapList != null) { + for (VXAuditMap newObj : newAuditMapList) { + if (newObj.getId() != null) { + /** + * Considering the new objects won't have id however the + * existing ones will have id. + */ + for (VXAuditMap oldObj : prevAuditMapList) { + if (oldObj.getId().equals(newObj.getId()) + && oldObj.getAuditType() != newObj + .getAuditType()) { + // This should never be the case because we're not + // supporting perm map update. + // doNothing... + logger.error( + "Invalid use case: shouldn't be happening, need to debug.", + new IllegalStateException()); + break; + // } else { + // trxLogList.addAll(xAuditMapService.getTransactionLog(newObj, + // oldObj, "update")); + } + } + // newObj = xAuditMapService.updateResource(newObj); + } else { + newObj = xAuditMapService.createResource(newObj); + trxLogList.addAll(xAuditMapService.getTransactionLog( + newObj, "create")); + } + auditMaps.add(newObj); + } + } + + // Delete old removed permissions + if (prevAuditMapList != null) { + for (VXAuditMap oldObj : prevAuditMapList) { + boolean found = false; + if (newAuditMapList != null) { + for (VXAuditMap newObj : newAuditMapList) { + if (newObj.getId() != null + && newObj.getId().equals(oldObj.getId())) { + found = true; + break; + } + } + } + + if (!found) { + trxLogList.addAll(xAuditMapService.getTransactionLog( + oldObj, "delete")); + auditMapsToDelete.add(oldObj); + // xAuditMapService.deleteResource(oldObj.getId()); + } + } + } + + xaBizUtil.createTrxLog(trxLogList); + + for (VXPermMap permMap : permMapsToDelete) { + xPermMapService.deleteResource(permMap.getId()); + } + + for (VXAuditMap auditMap : auditMapsToDelete) { + xAuditMapService.deleteResource(auditMap.getId()); + } + resource.setPermMapList(permMaps); + resource.setAuditList(auditMaps); + return resource; + } + + @Override + public void deleteXResource(Long id, boolean force) { + + VXResource vResource = xResourceService.readResource(id); + UserSessionBase currentUserSession = ContextUtil + .getCurrentUserSession(); + if (currentUserSession == null) { + throw restErrorUtil.createRESTException("Resource deletion not " + + "allowed",MessageEnums.OPER_NO_PERMISSION); + } + + Long assetId = vResource.getAssetId(); + XXAsset xAsset = xADaoManager.getXXAsset().getById(assetId); + if (xAsset == null) { + throw restErrorUtil.createRESTException("The repository for which " + + "you're deleting policy, doesn't exist.", + MessageEnums.INVALID_INPUT_DATA); + } + + if(xAsset.getActiveStatus()==XACommonEnums.STATUS_DISABLED){ + if(!currentUserSession.isUserAdmin()){ + logger.error("Trying to delete policy in disabled repository"); + throw restErrorUtil.createRESTException("Resource " + + "deletion not allowed in disabled repository",MessageEnums.OPER_NO_PERMISSION); + } + } + + SearchCriteria searchCriteria = new SearchCriteria(); + searchCriteria.addParam("resourceId", id); + + VXPermMapList permMaps = xPermMapService + .searchXPermMaps(searchCriteria); + VXAuditMapList vXAuditMapsList = xAuditMapService + .searchXAuditMaps(searchCriteria); + + List<XXTrxLog> trxLogList = xResourceService.getTransactionLog( + vResource, "delete"); + + for (VXPermMap vxPermMap : permMaps.getVXPermMaps()) { + trxLogList.addAll(xPermMapService.getTransactionLog(vxPermMap, + "delete")); + } + + for (VXAuditMap vXAuditMaps : vXAuditMapsList.getVXAuditMaps()) { + trxLogList.addAll(xAuditMapService.getTransactionLog(vXAuditMaps, + "delete")); + } + + xaBizUtil.createTrxLog(trxLogList); + + for (VXPermMap vxPermMap : permMaps.getVXPermMaps()) { + xPermMapService.deleteResource(vxPermMap.getId()); + } + + for (VXAuditMap vXAuditMaps : vXAuditMapsList.getVXAuditMaps()) { + xAuditMapService.deleteResource(vXAuditMaps.getId()); + } + + xResourceService.deleteResource(id); + } + + public File getXResourceFile(Long id, String fileType) { + VXResource xResource = xResourceService.readResource(id); + if (xResource == null) { + throw this.restErrorUtil.createRESTException( + "serverMsg.datasourceIdEmpty" + "id " + id, + MessageEnums.DATA_NOT_FOUND, id, "dataSourceId", + "DataSource not found with " + "id " + id); + } + File file = null; + try { + if (fileType != null) { + if (fileType.equalsIgnoreCase("json")) { + file = jsonUtil.writeJsonToFile(xResource, + xResource.getName()); + } else { + throw restErrorUtil.createRESTException( + "Please send the supported filetype.", + MessageEnums.INVALID_INPUT_DATA); + } + } else { + throw restErrorUtil + .createRESTException( + "Please send the file format in which you want to export.", + MessageEnums.DATA_NOT_FOUND); + } + } catch (JsonGenerationException e) { + throw this.restErrorUtil.createRESTException( + "serverMsg.jsonGeneration" + " : " + e.getMessage(), + MessageEnums.ERROR_SYSTEM); + } catch (JsonMappingException e) { + throw this.restErrorUtil.createRESTException( + "serverMsg.jsonMapping" + " : " + e.getMessage(), + MessageEnums.ERROR_SYSTEM); + } catch (IOException e) { + throw this.restErrorUtil.createRESTException( + "serverMsg.ioException" + " : " + e.getMessage(), + MessageEnums.ERROR_SYSTEM); + } + + return file; + } + + public VXStringList getHdfsResources(final String dataSourceName, + String baseDir) { + if (dataSourceName != null && baseDir != null) { + List<String> strList = new ArrayList<String>(); + try { + String wildCardToMatch; + final HadoopFS hdfsClient = assetConnectionMgr + .getHadoopConnection(dataSourceName); + + if (hdfsClient != null) { + Integer lastIndex = baseDir.lastIndexOf("/"); + if (lastIndex < 0) { + wildCardToMatch = baseDir + "*"; + baseDir = "/"; + } else if (lastIndex == 0 && baseDir.length() == 1) { + wildCardToMatch = null; + baseDir = "/"; + } else if ((lastIndex + 1) == baseDir.length()) { + wildCardToMatch = null; + baseDir = baseDir.substring(0, lastIndex + 1); + } else { + wildCardToMatch = baseDir.substring(lastIndex + 1) + + "*"; + baseDir = baseDir.substring(0, lastIndex + 1); + } + + final String finalBaseDir = baseDir; + final String finalWildCardToMatch = wildCardToMatch; + final Callable<List<String>> callableObj = new Callable<List<String>>() { + + @Override + public List<String> call() throws Exception { + return hdfsClient.listFiles(finalBaseDir, + finalWildCardToMatch); + } + + }; + + strList = TimedEventUtil.timedTask(callableObj, 5, + TimeUnit.SECONDS); // If + // strList = hdfsClient.listFiles(finalBaseDir, + // finalWildCardToMatch); + logger.debug("Resource dir : " + baseDir + + " wild card to match : " + wildCardToMatch + + "\n Matching resources : " + strList); + } + } catch (Exception e) { + logger.error("Unable to get hdfs resources.", e); + } + + return msBizUtil.mapStringListToVStringList(strList); + } else { + return new VXStringList(); + } + } + + public String getLatestRepoPolicy(String repository, + X509Certificate[] certchain, boolean httpEnabled, String epoch, + String ipAddress, boolean isSecure, String count, String agentId) { + + XXAsset xAsset = xADaoManager.getXXAsset().findByAssetName(repository); + if(xAsset==null){ + logger.error("Requested repository not found"); + throw restErrorUtil.createRESTException("No Data Found.", + MessageEnums.DATA_NOT_FOUND); + } + if(xAsset.getActiveStatus()==XACommonEnums.ACT_STATUS_DISABLED){ + logger.error("Requested repository is disabled"); + throw restErrorUtil.createRESTException("Unauthorized access.", + MessageEnums.OPER_NO_EXPORT); + } + + XXPolicyExportAudit policyExportAudit = new XXPolicyExportAudit(); + policyExportAudit.setRepositoryName(repository); + + if (agentId != null && !agentId.isEmpty()) { + policyExportAudit.setAgentId(agentId); + } + + policyExportAudit.setClientIP(ipAddress); + + if (epoch != null && !epoch.trim().isEmpty() && !epoch.equalsIgnoreCase("null")) { + policyExportAudit.setRequestedEpoch(Long.parseLong(epoch)); + } else { + policyExportAudit.setRequestedEpoch(0l); + } + + if (!httpEnabled) { + if (!isSecure) { + policyExportAudit + .setHttpRetCode(HttpServletResponse.SC_BAD_REQUEST); + createPolicyAudit(policyExportAudit); + + throw restErrorUtil.createRESTException("Unauthorized access -" + + " only https allowed", + MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); + } + + if (certchain == null || certchain.length == 0) { + + policyExportAudit + .setHttpRetCode(HttpServletResponse.SC_BAD_REQUEST); + createPolicyAudit(policyExportAudit); + + throw restErrorUtil.createRESTException("Unauthorized access -" + + " unable to get client certificate", + MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); + } + } + + Long policyCount = restErrorUtil.parseLong(count, "Invalid value for " + + "policyCount", MessageEnums.INVALID_INPUT_DATA, null, + "policyCount"); + + String commonName = null; + + if (certchain != null) { + X509Certificate clientCert = certchain[0]; + String dn = clientCert.getSubjectX500Principal().getName(); + + try { + LdapName ln = new LdapName(dn); + for (Rdn rdn : ln.getRdns()) { + if (rdn.getType().equalsIgnoreCase("CN")) { + commonName = rdn.getValue() + ""; + break; + } + } + if (commonName == null) { + policyExportAudit + .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST); + createPolicyAudit(policyExportAudit); + + throw restErrorUtil.createRESTException( + "Unauthorized access - Unable to find Common Name from [" + + dn + "]", + MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); + } + } catch (InvalidNameException e) { + policyExportAudit + .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST); + createPolicyAudit(policyExportAudit); + + logger.error("Invalid Common Name.", e); + throw restErrorUtil.createRESTException( + "Unauthorized access - Invalid Common Name", + MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); + } + } + + if (repository == null || repository.isEmpty()) { + + policyExportAudit + .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST); + createPolicyAudit(policyExportAudit); + + logger.error("Repository name not provided"); + throw restErrorUtil.createRESTException("Unauthorized access.", + MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); + } + + + + if (xAsset == null) { + policyExportAudit + .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST); + createPolicyAudit(policyExportAudit); + + logger.error("Requested repository doesn't exist"); + throw restErrorUtil.createRESTException("Unauthorized access.", + MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); + } + + if (policyCount == null) { + policyCount = 0l; + } + + if (commonName != null) { + String config = xAsset.getConfig(); + Map<String, String> configMap = jsonUtil.jsonToMap(config); + String cnFromConfig = configMap.get("commonNameForCertificate"); + + if (cnFromConfig == null + || !commonName.equalsIgnoreCase(cnFromConfig)) { + policyExportAudit + .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST); + createPolicyAudit(policyExportAudit); + + throw restErrorUtil.createRESTException( + "Unauthorized access. expected [" + cnFromConfig + + "], found [" + commonName + "]", + MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); + } + } + + // ////////////////////////////////////// + // Get latest updated time of repository + // ////////////////////////////////////// + Timestamp luTime = xADaoManager.getXXResource() + .getMaxUpdateTimeForAssetName(repository); + + HashMap<String, Object> updatedRepo = new HashMap<String, Object>(); + updatedRepo.put("repository_name", repository); + + Long updatedTime = 0l; + List<HashMap<String, Object>> resourceList = new ArrayList<HashMap<String, Object>>(); + + if (luTime != null) { + updatedTime = luTime.getTime(); + } + + { + List<XXResource> xResourceList = new ArrayList<XXResource>(); + + long epochTime = epoch != null ? Long.parseLong(epoch) : 0; + + if(epochTime == updatedTime) { + //TODO: instead of getting entire list, get just count(*) for the given repository + xResourceList = xADaoManager.getXXResource().findUpdatedResourcesByAssetName(repository, new Date(0L)); + + int resourceListSz = (xResourceList == null) ? 0 : xResourceList.size() ; + + if (policyCount == resourceListSz) { + policyExportAudit + .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_NOT_MODIFIED); + createPolicyAudit(policyExportAudit); + + throw restErrorUtil.createRESTException( + HttpServletResponse.SC_NOT_MODIFIED, + "No change since last update", false); + } + + } else { + xResourceList = xADaoManager.getXXResource().findUpdatedResourcesByAssetName(repository, new Date(0L)); + } + + + // HDFS Repository + if (xAsset.getAssetType() == AppConstants.ASSET_HDFS) { + for (XXResource xResource : xResourceList) { + HashMap<String, Object> resourceMap = new HashMap<String, Object>(); + resourceMap.put("id", xResource.getId()); + resourceMap.put("resource", xResource.getName()); + resourceMap.put("isRecursive", + getBooleanValue(xResource.getIsRecursive())); + resourceMap.put("policyStatus", XACommonEnums + .getLabelFor_ActiveStatus(xResource + .getResourceStatus())); + // resourceMap.put("isEncrypt", + // AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt())); + populatePermMap(xResource, resourceMap, AppConstants.ASSET_HDFS); + List<XXAuditMap> xAuditMaps = xADaoManager.getXXAuditMap() + .findByResourceId(xResource.getId()); + if (xAuditMaps.size() != 0) { + resourceMap.put("audit", 1); + } else { + resourceMap.put("audit", 0); + } + + resourceList.add(resourceMap); + } + } else if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) { + for (XXResource xResource : xResourceList) { + HashMap<String, Object> resourceMap = new HashMap<String, Object>(); + resourceMap.put("id", xResource.getId()); + resourceMap.put("database_name", xResource.getDatabases()); + resourceMap.put("policyStatus", XACommonEnums + .getLabelFor_ActiveStatus(xResource + .getResourceStatus())); + resourceMap.put("tablePolicyType", AppConstants + .getLabelFor_PolicyType(xResource.getTableType())); + resourceMap.put("columnPolicyType", AppConstants + .getLabelFor_PolicyType(xResource.getColumnType())); + int resourceType = xResource.getResourceType(); + if (resourceType == AppConstants.RESOURCE_UDF) { + resourceMap.put("udf_name", xResource.getUdfs()); + } else if (resourceType == AppConstants.RESOURCE_COLUMN) { + resourceMap.put("table_name", xResource.getTables()); + resourceMap.put("column_name", xResource.getColumns()); + } else if (resourceType == AppConstants.RESOURCE_TABLE) { + resourceMap.put("table_name", xResource.getTables()); + } + + populatePermMap(xResource, resourceMap, AppConstants.ASSET_HIVE); + List<XXAuditMap> xAuditMaps = xADaoManager.getXXAuditMap() + .findByResourceId(xResource.getId()); + if (xAuditMaps.size() != 0) { + resourceMap.put("audit", 1); + } else { + resourceMap.put("audit", 0); + } + resourceList.add(resourceMap); + } + } + + else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) { + for (XXResource xResource : xResourceList) { + HashMap<String, Object> resourceMap = new HashMap<String, Object>(); + + resourceMap.put("id", xResource.getId()); + resourceMap.put("table_name", xResource.getTables()); + resourceMap.put("column_name", xResource.getColumns()); + resourceMap.put("column_families", + xResource.getColumnFamilies()); + resourceMap.put("policyStatus", XACommonEnums + .getLabelFor_ActiveStatus(xResource + .getResourceStatus())); + if (xResource.getIsEncrypt() == 1) { + resourceMap.put("encrypt", 1); + } else { + resourceMap.put("encrypt", 0); + } + // resourceMap.put("isEncrypt", + // AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt())); + populatePermMap(xResource, resourceMap, AppConstants.ASSET_HBASE); + List<XXAuditMap> xAuditMaps = xADaoManager.getXXAuditMap() + .findByResourceId(xResource.getId()); + if (xAuditMaps.size() != 0) { + resourceMap.put("audit", 1); + } else { + resourceMap.put("audit", 0); + } + resourceList.add(resourceMap); + } + } + else if (xAsset.getAssetType() == AppConstants.ASSET_KNOX) { + for (XXResource xResource : xResourceList) { + HashMap<String, Object> resourceMap = new HashMap<String, Object>(); + + resourceMap.put("id", xResource.getId()); + resourceMap.put("topology_name", xResource.getTopologies()) ; + resourceMap.put("service_name", xResource.getServices()) ; + resourceMap.put("policyStatus", XACommonEnums + .getLabelFor_ActiveStatus(xResource + .getResourceStatus())); + if (xResource.getIsEncrypt() == 1) { + resourceMap.put("encrypt", 1); + } else { + resourceMap.put("encrypt", 0); + } + // resourceMap.put("isEncrypt", + // AKAConstants.getLabelFor_BooleanValue(xResource.getIsEncrypt())); + populatePermMap(xResource, resourceMap, AppConstants.ASSET_KNOX); + List<XXAuditMap> xAuditMaps = xADaoManager.getXXAuditMap() + .findByResourceId(xResource.getId()); + if (xAuditMaps.size() != 0) { + resourceMap.put("audit", 1); + } else { + resourceMap.put("audit", 0); + } + resourceList.add(resourceMap); + } + + } + else if (xAsset.getAssetType() == AppConstants.ASSET_STORM) { + for (XXResource xResource : xResourceList) { + HashMap<String, Object> resourceMap = new HashMap<String, Object>(); + + resourceMap.put("id", xResource.getId()); + resourceMap.put("topology_name", xResource.getTopologies()) ; + resourceMap.put("policyStatus", XACommonEnums + .getLabelFor_ActiveStatus(xResource + .getResourceStatus())); + if (xResource.getIsEncrypt() == 1) { + resourceMap.put("encrypt", 1); + } else { + resourceMap.put("encrypt", 0); + } + populatePermMap(xResource, resourceMap, AppConstants.ASSET_STORM); + List<XXAuditMap> xAuditMaps = xADaoManager.getXXAuditMap() + .findByResourceId(xResource.getId()); + if (xAuditMaps.size() != 0) { + resourceMap.put("audit", 1); + } else { + resourceMap.put("audit", 0); + } + resourceList.add(resourceMap); + } + } else { + policyExportAudit + .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_BAD_REQUEST); + createPolicyAudit(policyExportAudit); + throw restErrorUtil.createRESTException( + "The operation isn't yet supported for the repository", + MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); + } + } + + policyCount = Long.valueOf(resourceList.size()); + updatedRepo.put("last_updated", updatedTime); + updatedRepo.put("policyCount", policyCount); + updatedRepo.put("acl", resourceList); + + String updatedPolicyStr = jsonUtil.readMapToString(updatedRepo); + +// File file = null; +// try { +// file = jsonUtil.writeMapToFile(updatedRepo, repository); +// } catch (JsonGenerationException e) { +// logger.error("Error exporting policies for repository : " +// + repository, e); +// } catch (JsonMappingException e) { +// logger.error("Error exporting policies for repository : " +// + repository, e); +// } catch (IOException e) { +// logger.error("Error exporting policies for repository : " +// + repository, e); +// } + + policyExportAudit + .setHttpRetCode(javax.servlet.http.HttpServletResponse.SC_OK); + createPolicyAudit(policyExportAudit); + + return updatedPolicyStr; + } + + public VXStringList getHiveResources(final String dataSourceName, + String databaseName, String tableName, String columnName) { + + List<String> resultList = new ArrayList<String>(); + if (dataSourceName != null) { + final HiveClient hiveClient = assetConnectionMgr + .getHiveConnection(dataSourceName); + + try { + final Callable<List<String>> callableObj; + final String finalDbName; + final String finalColName; + final String finalTableName; + + if (hiveClient != null && databaseName != null + && !databaseName.isEmpty()) { + if (tableName != null && !tableName.isEmpty()) { + if (columnName != null && !columnName.isEmpty()) { + columnName += "*"; + finalColName = columnName; + finalDbName = databaseName; + finalTableName = tableName; + + callableObj = new Callable<List<String>>() { + @Override + public List<String> call() { + return hiveClient.getColumnList( + finalDbName, finalTableName, + finalColName); + } + }; + } else { + tableName += "*"; + finalTableName = tableName; + finalDbName = databaseName; + callableObj = new Callable<List<String>>() { + + @Override + public List<String> call() { + return hiveClient.getTableList(finalDbName, + finalTableName); + } + + }; + } + } else { + databaseName += "*"; + finalDbName = databaseName; + callableObj = new Callable<List<String>>() { + @Override + public List<String> call() { + return hiveClient.getDatabaseList(finalDbName); + } + }; + + } + + synchronized (hiveClient) { + resultList = TimedEventUtil.timedTask(callableObj, 5, + TimeUnit.SECONDS); + } + + } + } catch (Exception e) { + logger.error("Unable to get hive resources.", e); + } + } + + return msBizUtil.mapStringListToVStringList(resultList); + } + + @Override + public VXAsset createXAsset(VXAsset vXAsset) { + UserSessionBase usb = ContextUtil.getCurrentUserSession(); + if (usb != null && usb.isUserAdmin()) { + + String defaultConfig = vXAsset.getConfig(); + defaultConfig=xAssetService.getConfigWithEncryptedPassword(defaultConfig,false); + vXAsset.setConfig(defaultConfig); + VXAsset createdVXAsset = (VXAsset) xAssetService + .createResource(vXAsset); + String udpatedConfig = vXAsset.getConfig(); + createdVXAsset.setConfig(defaultConfig); + + createDefaultPolicy(createdVXAsset, vXAsset.getConfig()); + createDefaultUDFPolicy(createdVXAsset, vXAsset.getConfig()); + createdVXAsset.setConfig(udpatedConfig); + + List<XXTrxLog> trxLogList = xAssetService.getTransactionLog( + createdVXAsset, "create"); + xaBizUtil.createTrxLog(trxLogList); + return createdVXAsset; + } else { + logger.debug("User id : " + usb.getUserId() + " doesn't have " + + "admin access to create repository."); + throw restErrorUtil + .createRESTException( + "Sorry, you don't have permission to perform the operation", + MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); + } + } + + private void createDefaultPolicy(VXAsset vXAsset, String config) { + int assetType = vXAsset.getAssetType(); + + Map<String, String> configMap = jsonUtil.jsonToMap(config); + String userName = stringUtil.getValidUserName(configMap.get("username")); + + VXResource vXResource = new VXResource(); + vXResource.setAssetId(vXAsset.getId()); + vXResource.setAssetName(vXAsset.getName()); + vXResource.setResourceStatus(AppConstants.STATUS_ENABLED); + String tempPolicyName=vXAsset.getName()+"-"+1+"-"+DateUtil.dateToString(DateUtil.getUTCDate(),"yyyyMMddHHmmss"); + vXResource.setPolicyName(tempPolicyName); + if (assetType == AppConstants.ASSET_HDFS) { + vXResource.setName("/"); + vXResource.setIsRecursive(AppConstants.BOOL_TRUE); + vXResource.setResourceType(AppConstants.RESOURCE_PATH); + } else if (assetType == AppConstants.ASSET_HIVE) { + vXResource.setDatabases("*"); + vXResource.setTables("*"); + vXResource.setColumns("*"); + vXResource.setName("/*/*/*"); + vXResource.setResourceType(AppConstants.RESOURCE_COLUMN); + } else if (assetType == AppConstants.ASSET_HBASE) { + vXResource.setTables("*"); + vXResource.setColumnFamilies("*"); + vXResource.setColumns("*"); + vXResource.setName("/*/*/*"); + vXResource.setResourceType(AppConstants.RESOURCE_COLUMN); + } else if (assetType == AppConstants.ASSET_KNOX) { + vXResource.setTopologies("*"); + vXResource.setServices("*"); + vXResource.setName("/*/*"); + vXResource.setResourceType(AppConstants.RESOURCE_SERVICE_NAME); + } else if (assetType == AppConstants.ASSET_STORM) { + vXResource.setTopologies("*"); + vXResource.setName("/*"); + vXResource.setResourceType(AppConstants.RESOURCE_TOPOLOGY); + } + + vXResource = xResourceService.createResource(vXResource); + + if (userName != null && !userName.isEmpty()) { + XXUser xxUser = xADaoManager.getXXUser().findByUserName(userName); + VXUser vXUser; + if (xxUser != null) { + vXUser = xUserService.populateViewBean(xxUser); + } else { + vXUser = new VXUser(); + vXUser.setName(userName); + vXUser.setUserSource(XACommonEnums.USER_EXTERNAL); + vXUser=xUserMgr.createXUser(vXUser); + //vXUser = xUserService.createResource(vXUser); + } + + Random rand = new Random(); + String permGrp = new Date() + " : " + rand.nextInt(9999); + + VXPermMap vXPermMap = new VXPermMap(); + vXPermMap.setUserId(vXUser.getId()); + vXPermMap.setResourceId(vXResource.getId()); + vXPermMap.setPermGroup(permGrp); + xPermMapService.createResource(vXPermMap); + + if (assetType == AppConstants.ASSET_KNOX) { + String permGroup = new Date() + " : " + rand.nextInt(9999); + + VXPermMap permAdmin = new VXPermMap(); + permAdmin.setPermFor(AppConstants.XA_PERM_FOR_USER); + permAdmin.setPermType(AppConstants.XA_PERM_TYPE_ADMIN); + permAdmin.setUserId(vXUser.getId()); + permAdmin.setPermGroup(permGroup); + permAdmin.setResourceId(vXResource.getId()); + xPermMapService.createResource(permAdmin); + + VXPermMap permAllow = new VXPermMap(); + permAllow.setPermFor(AppConstants.XA_PERM_FOR_USER); + permAllow.setPermType(AppConstants.XA_PERM_TYPE_ALLOW); + permAllow.setUserId(vXUser.getId()); + permAllow.setPermGroup(permGroup); + permAllow.setResourceId(vXResource.getId()); + xPermMapService.createResource(permAllow); + } + } + + VXAuditMap vXAuditMap = new VXAuditMap(); + vXAuditMap.setAuditType(AppConstants.XA_AUDIT_TYPE_ALL); + vXAuditMap.setResourceId(vXResource.getId()); + vXAuditMap = xAuditMapService.createResource(vXAuditMap); + vXResource=xResourceService.readResource(vXResource.getId()); + List<VXPermMap> permMapList = vXResource.getPermMapList(); + List<VXAuditMap> auditMapList = vXResource.getAuditList(); + + List<XXTrxLog> trxLogList = xResourceService.getTransactionLog( + vXResource, "create"); + for (VXPermMap vXPermMap : permMapList) { + trxLogList.addAll(xPermMapService.getTransactionLog(vXPermMap, + "create")); + } + for (VXAuditMap vXAuditMapObj : auditMapList) { + trxLogList.addAll(xAuditMapService.getTransactionLog(vXAuditMapObj, + "create")); + } + + xaBizUtil.createTrxLog(trxLogList); + + + } + + @Override + public VXAsset updateXAsset(VXAsset vXAsset) { + UserSessionBase usb = ContextUtil.getCurrentUserSession(); + if (usb != null && usb.isUserAdmin()) { + String newConfig=vXAsset.getConfig(); + HashMap<String, String> configMap = (HashMap<String, String>) jsonUtil + .jsonToMap(newConfig); + String password = configMap.get("password"); + String hiddenPasswordString = PropertiesUtil.getProperty( + "xa.password.hidden", "*****"); + if (password != null && !password.equals(hiddenPasswordString)) { + String defaultConfig = vXAsset.getConfig(); + defaultConfig=xAssetService.getConfigWithEncryptedPassword(defaultConfig,true); + vXAsset.setConfig(defaultConfig); + } + XXAsset xAsset = xADaoManager.getXXAsset() + .getById(vXAsset.getId()); + + if (xAsset.getActiveStatus() == XACommonEnums.STATUS_DELETED) { + logger.error("Trying to update Asset which is soft deleted"); + throw restErrorUtil.createRESTException( + "Repository that you want to update does not exist.", + MessageEnums.DATA_NOT_FOUND, xAsset.getId(), null, + "Repository not exist for this Id : " + xAsset.getId()); + } + + List<XXTrxLog> trxLogList = xAssetService.getTransactionLog( + vXAsset, xAsset, "update"); + vXAsset = (VXAsset) xAssetService.updateResource(vXAsset); + // update default policy permission and user + updateDefaultPolicy(vXAsset, vXAsset.getConfig()); + // TODO this should reset the connection + assetConnectionMgr.destroyConnection(vXAsset); + // TODO : Log in transaction log table + xaBizUtil.createTrxLog(trxLogList); + return vXAsset; + } else { + throw restErrorUtil.createRESTException( + "serverMsg.modelMgrBaseUpdateModel", + MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); + } + } + + @Override + public void deleteXAsset(Long id, boolean force) { + UserSessionBase usb = ContextUtil.getCurrentUserSession(); + if (usb != null && usb.isUserAdmin() && force) { + VXAsset vxAsset = xAssetService.readResource(id); + + if (vxAsset.getActiveStatus() == XACommonEnums.STATUS_DELETED) { + logger.error("Trying to delete Asset which is already soft deleted"); + throw restErrorUtil.createRESTException( + "Repository not found or its already deleted, for Id : " + + id, MessageEnums.DATA_NOT_FOUND, id, null, + "Repository not exist for this Id : " + id); + } + + SearchCriteria searchCriteria = new SearchCriteria(); + searchCriteria.addParam("assetId", id); + VXResourceList resources = searchXResources(searchCriteria); + if (resources != null && resources.getResultSize() != 0) { + for (VXResource resource : resources.getList()) { + deleteXResource(resource.getId(), true); + } + } + vxAsset.setActiveStatus(XACommonEnums.STATUS_DELETED); + xAssetService.updateResource(vxAsset); + List<XXTrxLog> trxLogList = xAssetService.getTransactionLog( + vxAsset, "delete"); + xaBizUtil.createTrxLog(trxLogList); + } else { + throw restErrorUtil.createRESTException( + "serverMsg.modelMgrBaseDeleteModel", + MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); + } + } + + public VXStringList getHBaseResources(final String dataSourceName, + String tableName, String columnFamilies) { + + List<String> resultList = new ArrayList<String>(); + if (dataSourceName != null) { + final HBaseClient hBaseClient = assetConnectionMgr + .getHBaseConnection(dataSourceName); + + try { + final Callable<List<String>> callableObj; + if (hBaseClient != null && tableName != null + && !tableName.isEmpty()) { + final String finalColFamilies; + final String finalTableName; + + if (columnFamilies != null && !columnFamilies.isEmpty()) { + if (!columnFamilies.endsWith("*")) { + columnFamilies += "*"; + } + + columnFamilies = columnFamilies.replaceAll("\\*", + ".\\*"); + finalColFamilies = columnFamilies; + finalTableName = tableName; + + callableObj = new Callable<List<String>>() { + @Override + public List<String> call() { + return hBaseClient.getColumnFamilyList( + finalTableName, finalColFamilies); + } + }; + + } else { + if (!tableName.endsWith("*")) { + tableName += "*"; + } + + tableName = tableName.replaceAll("\\*", ".\\*"); + finalTableName = tableName; + + callableObj = new Callable<List<String>>() { + @Override + public List<String> call() { + return hBaseClient.getTableList(finalTableName); + } + }; + + } + resultList = TimedEventUtil.timedTask(callableObj, 5, + TimeUnit.SECONDS); + } + + } catch (Exception e) { + logger.error("Unable to get hbase resources.", e); + } + } + + return msBizUtil.mapStringListToVStringList(resultList); + } + + public VXStringList getKnoxResources( + String knoxUrl,String knoxAdminUser, String knoxAdminPassword, + String topologyName, String serviceName) { + List<String> resultList = new ArrayList<String>(); + if (knoxUrl == null || knoxUrl.isEmpty()) { + logger.error("Unable to get knox resources: knoxUrl is empty"); + return msBizUtil.mapStringListToVStringList(resultList); + } else if (knoxAdminUser == null || knoxAdminUser.isEmpty()) { + logger.error("Unable to get knox resources: knoxAdminUser is empty"); + return msBizUtil.mapStringListToVStringList(resultList); + } else if (knoxAdminPassword == null || knoxAdminPassword.isEmpty()) { + logger.error("Unable to get knox resources: knoxAdminPassword is empty"); + return msBizUtil.mapStringListToVStringList(resultList); + } + + final KnoxClient knoxClient = assetConnectionMgr + .getKnoxClient(knoxUrl, knoxAdminUser, knoxAdminPassword); + VXStringList knoxResources = getKnoxResources(knoxClient, topologyName, serviceName); + return knoxResources; + } + + public VXStringList getKnoxResources(final String dataSourceName, + String topologyName, String serviceName) { + List<String> resultList = new ArrayList<String>(); + if (dataSourceName == null || dataSourceName.isEmpty()) { + logger.error("Unable to get knox resources: dataSourceName is null"); + return msBizUtil.mapStringListToVStringList(resultList); + } + + final KnoxClient knoxClient = assetConnectionMgr + .getKnoxClient(dataSourceName); + VXStringList knoxResources = getKnoxResources(knoxClient, topologyName, serviceName); + return knoxResources; + } + + + public VXStringList getKnoxResources(final KnoxClient knoxClient, + String topologyName, String serviceName) { + + List<String> resultList = new ArrayList<String>(); + + try { + if (knoxClient == null) { + logger.error("Unable to get knox resources: knoxClient is null"); + return msBizUtil.mapStringListToVStringList(resultList); + } + + final Callable<List<String>> callableObj; + if (serviceName != null) { + final String finalServiceNameMatching = serviceName.trim(); + final String finalTopologyName = topologyName; + callableObj = new Callable<List<String>>() { + @Override + public List<String> call() { + return knoxClient.getServiceList(finalTopologyName, + finalServiceNameMatching); + } + }; + + } else { + final String finalTopologyNameMatching = (topologyName == null) ? + "" : topologyName.trim(); + callableObj = new Callable<List<String>>() { + @Override + public List<String> call() { + return knoxClient.getTopologyList(finalTopologyNameMatching); + } + }; + } + resultList = TimedEventUtil.timedTask(callableObj, 5, + TimeUnit.SECONDS); + + } catch (Exception e) { + logger.error("Unable to get knox resources.", e); + } + + return msBizUtil.mapStringListToVStringList(resultList); + } + + public VXResponse testConfig(VXAsset vXAsset) { + + if (vXAsset.getActiveStatus() == XACommonEnums.STATUS_DELETED) { + logger.error("Trying to test Asset which is soft deleted"); + throw restErrorUtil.createRESTException( + "Repository not found, Repository Name : " + vXAsset.getName(), + MessageEnums.DATA_NOT_FOUND, vXAsset.getId(), null, + "Repository not exist for this Id : " + vXAsset.getId()); + } + + int assetType = vXAsset.getAssetType(); + + VXResponse testResponse = new VXResponse(); + HashMap<String, Object> responseData = new HashMap<String, Object>(); + + HashMap<String, String> configMap = (HashMap<String, String>) jsonUtil + .jsonToMap(vXAsset.getConfig()); + String password = configMap.get("password"); + String hiddenPasswordString = PropertiesUtil.getProperty( + "xa.password.hidden", "*****"); + + if (password != null && password.equals(hiddenPasswordString)) { + String assetName = vXAsset.getName(); + if (assetName != null) { + XXAsset existingVXAsset = xADaoManager.getXXAsset() + .findByAssetName(assetName); + if (existingVXAsset != null + && existingVXAsset.getConfig() != null) { + String existingConfig = existingVXAsset.getConfig(); + existingConfig=xAssetService.getConfigWithDecryptedPassword(existingConfig); + HashMap<String, String> existingConfigMap = (HashMap<String, String>) jsonUtil + .jsonToMap(existingConfig); + String existingPassword = existingConfigMap.get("password"); + if (existingPassword != null) { + configMap.put("password", existingPassword); + } + } + } + } + + try { + String dataSource = vXAsset.getName(); + if (assetType == AppConstants.ASSET_HDFS) { + // HadoopFS connectionObj = new HadoopFS(vXAsset.getName(), + // configMap); + // if (connectionObj != null) { + // List<String> testResult = connectionObj + // .listFiles("/", null); + // if (testResult != null && testResult.size() != 0) { + // connectivityStatus = true; + // } + // } + responseData = HadoopFS.testConnection(dataSource, configMap); + } else if (assetType == AppConstants.ASSET_HIVE) { + // HiveClient connectionObj = new HiveClient(vXAsset.getName(), + // configMap); + // if (connectionObj != null) { + // List<String> testResult = connectionObj + // .getDatabaseList("*"); + // if (testResult != null && testResult.size() != 0) { + // connectivityStatus = true; + // } + // } + // connectionObj.close(); + responseData = HiveClient.testConnection(dataSource, configMap); + } else if (assetType == AppConstants.ASSET_HBASE) { + // HBaseClient connectionObj = new + // HBaseClient(vXAsset.getName(), + // configMap); + // if (connectionObj != null) { + // connectivityStatus = connectionObj.getHBaseStatus(); + // } else { + // Log.error("testConfig: Not able to create HBaseClient"); + // } + responseData = HBaseClient + .testConnection(dataSource, configMap); + } else if (assetType == AppConstants.ASSET_KNOX) { + // KnoxClient knoxClient = assetConnectionMgr.getKnoxClient( + // vXAsset.getName(), configMap); + // VXStringList vxStringList = getKnoxResources(knoxClient, "", + // null); + // if (vxStringList != null && (vxStringList.getListSize() != + // 0)) { + // connectivityStatus = true; + // } + responseData = KnoxClient.testConnection(dataSource, configMap); + } else if (assetType == AppConstants.ASSET_STORM) { + responseData = StormClient.testConnection(dataSource, configMap); + } else { + throw restErrorUtil.createRESTException( + "Invalid repository type.", + MessageEnums.INVALID_INPUT_DATA); + } + testResponse = generateResponseForTestConn(responseData, ""); + + } catch (Exception e) { + + String msg = "Unable to connect repository with given config for " + + vXAsset.getName(); + HashMap<String, Object> respData = new HashMap<String, Object>(); + String message = ""; + if (e instanceof HadoopException) { + respData = ((HadoopException) e).responseData; + message = (respData != null && respData.get("message") != null) ? respData.get( + "message").toString() : msg; + } + if(respData == null) { + respData = new HashMap<String, Object>(); + } + testResponse = generateResponseForTestConn(respData, message); + logger.error(msg, e); + } + return testResponse; + } + + private VXResponse generateResponseForTestConn( + HashMap<String, Object> responseData, String msg) { + VXResponse vXResponse = new VXResponse(); + + Long objId = (responseData.get("objectId") != null) ? Long + .parseLong(responseData.get("objectId").toString()) : null; + boolean connectivityStatus = (responseData.get("connectivityStatus") != null) ? Boolean + .parseBoolean(responseData.get("connectivityStatus").toString()) + : false; + int statusCode = (connectivityStatus) ? VXResponse.STATUS_SUCCESS + : VXResponse.STATUS_ERROR; + String message = (responseData.get("message") != null) ? responseData + .get("message").toString() : msg; + String description = (responseData.get("description") != null) ? responseData + .get("description").toString() : msg; + String fieldName = (responseData.get("fieldName") != null) ? responseData + .get("fieldName").toString() : null; + + VXMessage vXMsg = new VXMessage(); + List<VXMessage> vXMsgList = new ArrayList<VXMessage>(); + vXMsg.setFieldName(fieldName); + vXMsg.setMessage(message); + vXMsg.setObjectId(objId); + vXMsgList.add(vXMsg); + + vXResponse.setMessageList(vXMsgList); + vXResponse.setMsgDesc(description); + vXResponse.setStatusCode(statusCode); + return vXResponse; + } + + private void createResourcePathForHive(VXResource vXResource) { + + String[] databases = (vXResource.getDatabases() == null || vXResource + .getDatabases().equalsIgnoreCase("")) ? null : stringUtil + .split(vXResource.getDatabases(), ","); + String[] tables = (vXResource.getTables() == null || vXResource + .getTables().equalsIgnoreCase("")) ? null : stringUtil.split( + vXResource.getTables(), ","); + String[] udfs = (vXResource.getUdfs() == null || vXResource.getUdfs() + .equalsIgnoreCase("")) ? null : stringUtil.split( + vXResource.getUdfs(), ","); + String[] columns = (vXResource.getColumns() == null || vXResource + .getColumns().equalsIgnoreCase("")) ? null : stringUtil.split( + vXResource.getColumns(), ","); + + StringBuilder stringBuilder = new StringBuilder(); + +// int resourceType = vXResource.getResourceType(); + int resourceType = xPolicyService.getResourceType(vXResource); + + if (databases == null) { + logger.error("Invalid resources for hive policy."); + throw restErrorUtil.createRESTException("Please provide the" + + " valid resources.", MessageEnums.INVALID_INPUT_DATA); + } + + switch (resourceType) { + + case AppConstants.RESOURCE_COLUMN: + for (String column : columns) { + for (String table : tables) { + for (String database : databases) { + stringBuilder.append("/" + database + "/" + table + "/" + + column + ","); + } + } + } + break; + + case AppConstants.RESOURCE_TABLE: + for (String table : tables) { + for (String database : databases) { + stringBuilder.append("/" + database + "/" + table + ","); + } + } + break; + + case AppConstants.RESOURCE_UDF: + for (String udf : udfs) { + for (String database : databases) { + stringBuilder.append("/" + database + "/" + udf + ","); + } + } + break; + + case AppConstants.RESOURCE_DB: + for (String database : databases) { + stringBuilder.append("/" + database + ","); + } + break; + + default: + logger.error("Invalid resource type : " + resourceType + + " for hive policy."); + throw restErrorUtil.createRESTException("Please provide the" + + " valid resource type.", MessageEnums.INVALID_INPUT_DATA); + } + + int lastIndexOfSeperator = stringBuilder.lastIndexOf(","); + if (lastIndexOfSeperator > 0) { + String name = stringBuilder.substring(0, + stringBuilder.lastIndexOf(",")); + vXResource.setName(name); + } else { + vXResource.setName(stringBuilder.toString()); + } + } + + private void createResourcePathForHbase(VXResource vXResource) { + + String[] tables = (vXResource.getTables() == null || vXResource + .getTables().equalsIgnoreCase("")) ? null : stringUtil.split( + vXResource.getTables(), ","); + String[] columnFamilies = (vXResource.getColumnFamilies() == null || vXResource + .getColumnFamilies().equalsIgnoreCase("")) ? null : stringUtil + .split(vXResource.getColumnFamilies(), ","); + String[] columns = (vXResource.getColumns() == null || vXResource + .getColumns().equalsIgnoreCase("")) ? null : stringUtil.split( + vXResource.getColumns(), ","); + + StringBuilder stringBuilder = new StringBuilder(); + +// int resourceType = vXResource.getResourceType(); + int resourceType = xPolicyService.getResourceType(vXResource); + + if (tables == null) { + logger.error("Invalid resources for hbase policy."); + throw restErrorUtil.createRESTException("Please provide the" + + " valid resources.", MessageEnums.INVALID_INPUT_DATA); + } + + switch (resourceType) { + + case AppConstants.RESOURCE_COLUMN: + for (String column : columns) { + for (String columnFamily : columnFamilies) { + for (String table : tables) { + stringBuilder.append("/" + table + "/" + columnFamily + + "/" + column + ","); + } + } + } + break; + + case AppConstants.RESOURCE_COL_FAM: + for (String columnFamily : columnFamilies) { + for (String table : tables) { + stringBuilder + .append("/" + table + "/" + columnFamily + ","); + } + } + break; + + case AppConstants.RESOURCE_TABLE: + for (String table : tables) { + stringBuilder.append("/" + table + ","); + } + break; + + default: + logger.error("Invalid resource type : " + resourceType + + " for hbase policy."); + throw restErrorUtil.createRESTException("Please provide the" + + " valid resource type.", MessageEnums.INVALID_INPUT_DATA); + } + + int lastIndexOfSeperator = stringBuilder.lastIndexOf(","); + if (lastIndexOfSeperator > 0) { + String name = stringBuilder.substring(0, + stringBuilder.lastIndexOf(",")); + vXResource.setName(name); + } else { + vXResource.setName(stringBuilder.toString()); + } + } + private void createResourcePathForKnox(VXResource vXResource) { + + String[] topologies = (vXResource.getTopologies() == null || vXResource + .getTopologies().equalsIgnoreCase("")) ? null : stringUtil.split( + vXResource.getTopologies(), ","); + String[] serviceNames = (vXResource.getServices() == null || vXResource + .getServices().equalsIgnoreCase("")) ? null : stringUtil + .split(vXResource.getServices(), ","); + + StringBuilder stringBuilder = new StringBuilder(); + +// int resourceType = vXResource.getResourceType(); + int resourceType = xPolicyService.getResourceType(vXResource); + + if (topologies == null) { + logger.error("Invalid resources for knox policy."); + throw restErrorUtil.createRESTException("Please provide the" + + " valid resources.", MessageEnums.INVALID_INPUT_DATA); + } + + switch (resourceType) { + + case AppConstants.RESOURCE_SERVICE_NAME: + for (String serviceName : serviceNames) { + for (String topology : topologies) { + stringBuilder + .append("/" + topology + "/" + serviceName + ","); + } + } + break; + + case AppConstants.RESOURCE_TOPOLOGY: + for (String topology : topologies) { + stringBuilder.append("/" + topology + ","); + } + break; + + default: + logger.error("Invalid resource type : " + resourceType + + " for hbase policy."); + throw restErrorUtil.createRESTException("Please provide the" + + " valid resource type.", MessageEnums.INVALID_INPUT_DATA); + } + + int lastIndexOfSeperator = stringBuilder.lastIndexOf(","); + if (lastIndexOfSeperator > 0) { + String name = stringBuilder.substring(0, + stringBuilder.lastIndexOf(",")); + vXResource.setName(name); + } else { + vXResource.setName(stringBuilder.toString()); + } + } + private void createResourcePathForStorm(VXResource vXResource) { + + String[] topologies = (vXResource.getTopologies() == null || vXResource + .getTopologies().equalsIgnoreCase("")) ? null : stringUtil.split( + vXResource.getTopologies(), ","); + + String[] serviceNames = (vXResource.getServices() == null || vXResource + .getServices().equalsIgnoreCase("")) ? null : stringUtil + .split(vXResource.getServices(), ","); + + StringBuilder stringBuilder = new StringBuilder(); + +// int resourceType = vXResource.getResourceType(); + int resourceType = xPolicyService.getResourceType(vXResource); + + if (topologies == null) { + logger.error("Invalid resources for Storm policy."); + throw restErrorUtil.createRESTException("Please provide the" + + " valid resources.", MessageEnums.INVALID_INPUT_DATA); + } + + switch (resourceType) { + + case AppConstants.RESOURCE_TOPOLOGY: + for (String topology : topologies) { + stringBuilder.append("/" + topology + ","); + } + break; + + case AppConstants.RESOURCE_SERVICE_NAME: + for (String serviceName : serviceNames) { + for (String topology : topologies) { + stringBuilder.append("/" + topology + "/" + serviceName + ","); + } + } + break; + + default: + logger.error("Invalid resource type : " + resourceType + + " for Storm policy."); + throw restErrorUtil.createRESTException("Please provide the" + + " valid resource type.", MessageEnums.INVALID_INPUT_DATA); + } + + int lastIndexOfSeperator = stringBuilder.lastIndexOf(","); + if (lastIndexOfSeperator > 0) { + String name = stringBuilder.substring(0, + stringBuilder.lastIndexOf(",")); + vXResource.setName(name); + } else { + vXResource.setName(stringBuilder.toString()); + } + } + @SuppressWarnings("unchecked") + private HashMap<String, Object> populatePermMap(XXResource xResource, + HashMap<String, Object> resourceMap, int assetType) { + List<XXPermMap> xPermMapList = xADaoManager.getXXPermMap() + .findByResourceId(xResource.getId()); + + Set<Long> groupList = new HashSet<Long>(); + for (XXPermMap xPermMap : xPermMapList) { + groupList.add(xPermMap.getId()); + } + + List<HashMap<String, Object>> sortedPermMapGroupList = new ArrayList<HashMap<String, Object>>(); + + // Loop for adding group perms + for (XXPermMap xPermMap : xPermMapList) { + String groupKey = xPermMap.getPermGroup(); + if (groupKey != null) { + boolean found = false; + for (HashMap<String, Object> sortedPermMap : sortedPermMapGroupList) { + if (sortedPermMap.containsValue(groupKey)) { + found = true; + + Long groupId = xPermMap.getGroupId(); + Long userId = xPermMap.getUserId(); + + if (groupId != null) { + Set<String> groups = (Set<String>) sortedPermMap + .get("groups"); + XXGroup xGroup = xADaoManager.getXXGroup() + .getById(groupId); + if(xGroup!=null && groups != null){ + groups.add(xGroup.getName()); + sortedPermMap.put("groups", groups); + } + } else if (userId != null) { + Set<String> users = (Set<String>) sortedPermMap + .get("users"); + XXUser xUser = xADaoManager.getXXUser().getById( + userId); + if (users != null && xUser != null) { + users.add(xUser.getName()); + sortedPermMap.put("users", users); + } + } + + Set<String> access = (Set<String>) sortedPermMap + .get("access"); + String perm = AppConstants + .getLabelFor_XAPermType(xPermMap.getPermType()); + access.add(perm); + sortedPermMap.put("access", access); + } + } + if (!found) { + HashMap<String, Object> sortedPermMap = new HashMap<String, Object>(); + sortedPermMap.put("groupKey", xPermMap.getPermGroup()); + + Set<String> permSet = new HashSet<String>(); + String perm = AppConstants.getLabelFor_XAPermType(xPermMap + .getPermType()); + permSet.add(perm); + + sortedPermMap.put("access", permSet); + + if(assetType == AppConstants.ASSET_KNOX){ + String[] ipAddrList = new String[0]; + if(xPermMap.getIpAddress() != null){ + ipAddrList = xPermMap.getIpAddress().split(","); + sortedPermMap.put("ipAddress", ipAddrList); + }else + sortedPermMap.put("ipAddress",ipAddrList); + } + + Long groupId = xPermMap.getGroupId(); + Long userId = xPermMap.getUserId(); + + if (groupId != null) { + Set<String> groupSet = new HashSet<String>(); + XXGroup xGroup = xADaoManager.getXXGroup().getById( + xPermMap.getGroupId()); + String group = xGroup.getName(); + groupSet.add(group); + sortedPermMap.put("groups", groupSet); + } else if (userId != null) { + Set<String> userSet = new HashSet<String>(); + XXUser xUser = xADaoManager.getXXUser() + .getById(userId); + String user = xUser.getName(); + userSet.add(user); + sortedPermMap.put("users", userSet); + } + + sortedPermMapGroupList.add(sortedPermMap); + } + } + } + + for (HashMap<String, Object> sortedPermMap : sortedPermMapGroupList) { + sortedPermMap.remove("groupKey"); + } + + for (HashMap<String, Object> sortedPermMap : sortedPermMapGroupList) { + sortedPermMap.remove("groupKey"); + } + + resourceMap.put("permission", sortedPermMapGroupList); + return resourceMap; + } + + private String getBooleanValue(int elementValue) { + if (elementValue == 1) { + return "1"; // BOOL_TRUE + } + return "0"; // BOOL_FALSE + } + + public void updateDefaultPolicy(VXAsset vXAsset, String config) { + int assetType = vXAsset.getAssetType(); + Map<String, String> configMap = jsonUtil.jsonToMap(config); + String userName = stringUtil.getValidUserName(configMap.get("username")); + VXResource vxResource = fetchDefaultPolicyForAsset(vXAsset.getId(), + assetType); + if (vxResource != null) { + UpdateDefaultPolicyUserAndPerm(vxResource, userName); + } + } + + public void UpdateDefaultPolicyUserAndPerm(VXResource vXResource, + String userName) { + if (userName != null && !userName.isEmpty()) { + XXUser xxUser = xADaoManager.getXXUser().findByUserName(userName); + VXUser vXUser; + if (xxUser != null) { + vXUser = xUserService.populateViewBean(xxUser); + } else { + vXUser = new VXUser(); + vXUser.setName(userName); + // FIXME hack : unnecessary. + vXUser.setDescription(userName); + vXUser = xUserService.createResource(vXUser); + } + // fetch old permission and consider only one permission for default + // policy + List<XXPermMap> xxPermMapList = xADaoManager.getXXPermMap() + .findByResourceId(vXResource.getId()); + VXPermMap vXPermMap = null; + if (xxPermMapList != null && xxPermMapList.size() != 0) { + vXPermMap = xPermMapService.populateViewBean(xxPermMapList + .get(0)); + } + + if (vXPermMap == null) { + // create new permission + vXPermMap = new VXPermMap(); + vXPermMap.setUserId(vXUser.getId()); + vXPermMap.setResourceId(vXResource.getId()); + } else { + // update old permission after updating userid + vXPermMap.setUserId(vXUser.getId()); + xPermMapService.updateResource(vXPermMap); + } + + } + + } + + public VXResource fetchDefaultPolicyForAsset(Long assetId, int assetType) { + String resourceName = ""; + List<XXResource> xxResourceList = new ArrayList<XXResource>(); + if (assetType == AppConstants.ASSET_HDFS) { + resourceName = "/*"; + xxResourceList = xADaoManager.getXXResource() + .findByResourceNameAndAssetIdAndRecursiveFlag(resourceName, + assetId, AppConstants.BOOL_TRUE); + } else if (assetType == AppConstants.ASSET_HIVE) { + resourceName = "/*/*/*"; + xxResourceList = xADaoManager.getXXResource() + .findByResourceNameAndAssetIdAndResourceType(resourceName, + assetId, AppConstants.RESOURCE_UNKNOWN); + } else if (assetType == AppConstants.ASSET_HBASE) { + resourceName = "/*/*/*"; + xxResourceList = xADaoManager.getXXResource() + .findByResourceNameAndAssetIdAndResourceType(resourceName, + assetId, AppConstants.RESOURCE_UNKNOWN); + } + XXResource xxResource = null; + for (XXResource resource : xxResourceList) { + if (resource.getName().equals(resourceName)) { + xxResource = resource; + break; + } + } + + if (xxResource != null) { + return xResourceService.populateViewBean(xxResource); + } + return null; + + } + + public XXPolicyExportAudit createPolicyAudit( + final XXPolicyExportAudit xXPolicyExportAudit) { + TransactionTemplate txTemplate = new TransactionTemplate(txManager); + txTemplate + .setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRED); + XXPolicyExportAudit policyExportAudit = (XXPolicyExportAudit) txTemplate + .execute(new TransactionCallback<Object>() { + public Object doInTransaction(TransactionStatus status) { + if (xXPolicyExportAudit.getHttpRetCode() == HttpServletResponse.SC_NOT_MODIFIED) { + boolean logNotModified = PropertiesUtil + .getBooleanProperty( + "xa.log.SC_NOT_MODIFIED", false); + if (!logNotModified) { + logger.info("Not logging HttpServletResponse." + + "SC_NOT_MODIFIED, to enable, update " + + ": xa.log.SC_NOT_MODIFIED"); + return null; + } + } + return xADaoManager.getXXPolicyExportAudit().create( + xXPolicyExportAudit); + } + }); + return policyExportAudit; + } + + public VXTrxLogList getReportLogs(SearchCriteria searchCriteria) { + if (!xaBizUtil.isAdmin()) { + throw restErrorUtil.create403RESTException("Permission Denied !"); + } + + if (searchCriteria != null && searchCriteria.getParamList() != null + && searchCriteria.getParamList().size() > 0) { + int clientTimeOffsetInMinute = RestUtil.getClientTimeOffset(); + java.util.Date temp = null; + DateUtil dateUtil = new DateUtil(); + if (searchCriteria.getParamList().containsKey("startDate")) { + temp = (java.util.Date) searchCriteria.getParamList().get( + "startDate"); + temp = dateUtil.getDateFromGivenDate(temp, 0, 0, 0, 0); + temp = dateUtil.addTimeOffset(temp, clientTimeOffsetInMinute); + searchCriteria.getParamList().put("startDate", temp); + } + if (searchCriteria.getParamList().containsKey("endDate")) { + temp = (java.util.Date) searchCriteria.getParamList().get( + "endDate"); + temp = dateUtil.getDateFromGivenDate(temp, 0, 23, 59, 59); + temp = dateUtil.addTimeOffset(temp, clientTimeOffsetInMinute); + searchCriteria.getParamList().put("endDate", temp); + } + if (searchCriteria.getParamList().containsKey("owner")) { + XXPortalUser xXPortalUser= xADaoManager.getXXPortalUser().findByLoginId( + (searchCriteria.getParamList().get("owner").toString())); + if(xXPortalUser!=null){ + searchCriteria.getParamList().put("owner", xXPortalUser.getId()); + }else{ + searchCriteria.getParamList().put("owner", 0); + } + + } + + } + + VXTrxLogList vXTrxLogList = xTrxLogService + .searchXTrxLogs(searchCriteria); + Long count=xTrxLogService + .searchXTrxLogsCount(searchCriteria); + vXTrxLogList.setTotalCount(count); + return vXTrxLogList; + } + + public VXAccessAuditList getAccessLogs(SearchCriteria searchCriteria) { + + if (searchCriteria != null && searchCriteria.getParamList() != null + && searchCriteria.getParamList().size() > 0) { + int clientTimeOffsetInMinute = RestUtil.getClientTimeOffset(); + java.util.Date temp = null; + DateUtil dateUtil = new DateUtil(); + if (searchCriteria.getParamList().containsKey("startDate")) { + temp = (java.util.Date) searchCriteria.getParamList().get( + "startDate"); + temp = dateUtil.getDateFromGivenDate(temp, 0, 0, 0, 0); + temp = dateUtil.addTimeOffset(temp, clientTimeOffsetInMinute); + searchCriteria.getParamList().put("startDate", temp); + } + if (searchCriteria.getParamList().containsKey("endDate")) { + temp = (java.util.Date) searchCriteria.getParamList().get( + "endDate"); + temp = dateUtil.getDateFromGivenDate(temp, 0, 23, 59, 59); + temp = dateUtil.addTimeOffset(temp, clientTimeOffsetInMinute); + searchCriteria.getParamList().put("endDate", temp); + } + + } + if(searchCriteria.getSortType()==null){ + searchCriteria.setSortType("desc"); + }else if(!searchCriteria.getSortType().equalsIgnoreCase("asc")&& !searchCriteria.getSortType().equalsIgnoreCase("desc")){ + searchCriteria.setSortType("desc"); + } + return xAccessAuditService.searchXAccessAudits(searchCriteria); + } + + public VXTrxLogList getTransactionReport(String transactionId) { + List<XXTrxLog> xTrxLogList = xADaoManager.getXXTrxLog() + .findByTransactionId(transactionId); + VXTrxLogList vXTrxLogList = new VXTrxLogList(); + List<VXTrxLog> vXTrxLogs = vXTrxLogList.getVXTrxLogs(); + for (XXTrxLog xTrxLog : xTrxLogList) { + VXTrxLog vXTrxLog = xTrxLogService.populateViewBean(xTrxLog); + if(vXTrxLog.getPreviousValue()==null || vXTrxLog.getPreviousValue().equalsIgnoreCase("null")){ + vXTrxLog.setPreviousValue(""); + } + if(vXTrxLog.getAttributeName()!=null && vXTrxLog.getAttributeName().equalsIgnoreCase("Password")){ + vXTrxLog.setPreviousValue("*********"); + vXTrxLog.setNewValue("***********"); + } + if(vXTrxLog.getAttributeName()!=null && vXTrxLog.getAttributeName().equalsIgnoreCase("Connection Configurations")){ + if(vXTrxLog.getPreviousValue()!=null && vXTrxLog.getPreviousValue().contains("password")){ + String tempPreviousStr=vXTrxLog.getPreviousValue(); + String tempPreviousArr[]=vXTrxLog.getPreviousValue().split(","); + for(int i=0;i<tempPreviousArr.length;i++){ + if(tempPreviousArr[i].contains("{\"password")){ + vXTrxLog.setPreviousValue(tempPreviousStr.replace(tempPreviousArr[i], "{\"password\":\"*****\"}")); + break; + }else if(tempPreviousArr[i].contains("\"password") && tempPreviousArr[i].contains("}")){ + vXTrxLog.setPreviousValue(tempPreviousStr.replace(tempPreviousArr[i], "\"password\":\"******\"}")); + break; + }else if(tempPreviousArr[i].contains("\"password")){ + vXTrxLog.setPreviousValue(tempPreviousStr.replace(tempPreviousArr[i], "\"password\":\"******\"")); + break; + } + } + } + if(vXTrxLog.getNewValue()!=null && vXTrxLog.getNewValue().contains("password")){ + String tempNewStr=vXTrxLog.getNewValue(); + String tempNewArr[]=vXTrxLog.getNewValue().split(","); + for(int i=0;i<tempNewArr.length;i++){ + if(tempNewArr[i].contains("{\"password")){ + vXTrxLog.setNewValue(tempNewStr.replace(tempNewArr[i], "{\"password\":\"*****\"}")); + break; + }else if(tempNewArr[i].contains("\"password") && tempNewArr[i].contains("}")){ + vXTrxLog.setNewValue(tempNewStr.replace(tempNewArr[i], "\"password\":\"******\"}")); + break; + }else if(tempNewArr[i].contains("\"password")){ + vXTrxLog.setNewValue(tempNewStr.replace(tempNewArr[i], "\"password\":\"******\"")); + break; + } + } + } + } + vXTrxLogs.add(vXTrxLog); + } + vXTrxLogList.setVXTrxLogs(vXTrxLogs); + return vXTrxLogList; + } + + /* + * (non-Javadoc) + * + * @see + * org.apache.ranger.biz.AssetMgrBase#searchXPolicyExportAudits(org.apache.ranger. + * common.SearchCriteria) + */ + @Override + public VXPolicyExportAuditList searchXPolicyExportAudits( + SearchCriteria searchCriteria) { + if (searchCriteria != null && searchCriteria.getParamList() != null + && searchCriteria.getParamList().size() > 0) { + + int clientTimeOffsetInMinute = RestUtil.getClientTimeOffset(); + java.util.Date temp = null; + DateUtil dateUtil = new DateUtil(); + if (searchCriteria.getParamList().containsKey("startDate")) { + temp = (java.util.Date) searchCriteria.getParamList().get( + "startDate"); + temp = dateUtil.getDateFromGivenDate(temp, 0, 0, 0, 0); + temp = dateUtil.addTimeOffset(temp, clientTimeOffsetInMinute); + searchCriteria.getParamList().put("startDate", temp); + } + if (searchCriteria.getParamList().containsKey("endDate")) { + temp = (java.util.Date) searchCriteria.getParamList().get( + "endDate"); + temp = dateUtil.getDateFromGivenDate(temp, 0, 23, 59, 59); + temp = dateUtil.addTimeOffset(temp, clientTimeOffsetInMinute); + searchCriteria.getParamList().put("endDate", temp); + } + } + + return xPolicyExportAuditService.searchXPolicyExportAudits(searchCriteria); + } + + public VXAsset getXAsset(Long id){ + UserSessionBase currentUserSession = ContextUtil + .getCurrentUserSession(); + VXAsset vXAsset=null; + if (currentUserSession.isUserAdmin()) { + vXAsset = xAssetService.readResource(id); + if (vXAsset.getActiveStatus() == XACommonEnums.STATUS_DELETED) { + logger.error("Trying to read Asset which is soft deleted"); + throw restErrorUtil.createRESTException( + "Repository not found for this Id : " + id, + MessageEnums.DATA_NOT_FOUND, id, null, + "Repository does not exist for this Id : " + id); + } + }else{ + XXAsset xXAsset=xADaoManager.getXXAsset().getById(id); + + if (xXAsset.getActiveStatus() == XACommonEnums.STATUS_DELETED) { + logger.error("Trying to read Asset which is soft deleted"); + throw restErrorUtil.createRESTException( + "Repository not found for this Id : " + id, + MessageEnums.DATA_NOT_FOUND, id, null, + "Repository does not exist for this Id : " + id); + } + + vXAsset=xAssetService.populateViewBean(xXAsset); + /*List<XXResource> xXResourceList=xADaoManager + .getXXResource().findByAssetId(id); + for (XXResource xXResource : xXResourceList) { + VXResponse vXResponse = xaBizUtil.hasPermission(xResourceService.populateViewBean(xXResource), + AppConstants.XA_PERM_TYPE_ADMIN); + if(vXResponse.getStatusCode() == VXResponse.STATUS_SUCCESS){ + XXAsset xXAsset=xADaoManager.getXXAsset().getById(id); + vXAsset=xAssetService.populateViewBean(xXAsset); + break; + } + }*/ + } + return vXAsset; + } + + private void createDefaultUDFPolicy(VXAsset vXAsset, String config) { + int assetType = vXAsset.getAssetType(); + if (assetType != AppConstants.ASSET_HIVE) { + return ; + } + Map<String, String> configMap = jsonUtil.jsonToMap(config); + String userName = stringUtil.getValidUserName(configMap.get("username")); + VXResource vXResource = new VXResource(); + vXResource.setAssetId(vXAsset.getId()); + vXResource.setAssetName(vXAsset.getName()); + vXResource.setResourceStatus(AppConstants.STATUS_ENABLED); + String tempPolicyName=vXAsset.getName()+"-"+2+"-"+DateUtil.dateToString(DateUtil.getUTCDate(),"yyyyMMddH
<TRUNCATED>
