RANGER-256: Enable pluggable way to add context data to request
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/8df90d46 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/8df90d46 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/8df90d46 Branch: refs/heads/master Commit: 8df90d467fac60e716599113b3994ef435d8dff4 Parents: 9c2f0d1 Author: Madhan Neethiraj <[email protected]> Authored: Sat Feb 21 02:27:54 2015 -0800 Committer: Madhan Neethiraj <[email protected]> Committed: Sat Feb 21 02:27:54 2015 -0800 ---------------------------------------------------------------------- .../ranger/plugin/model/RangerServiceDef.java | 125 +++++++- .../RangerDefaultPolicyEvaluator.java | 3 +- .../RangerAbstractResourceMatcher.java | 51 ++-- .../RangerDefaultResourceMatcher.java | 19 +- .../RangerPathResourceMatcher.java | 58 ++-- .../resourcematcher/RangerResourceMatcher.java | 4 +- .../plugin/store/EmbeddedServiceDefsUtil.java | 166 +++++++++++ .../plugin/store/LegacyServiceDefsUtil.java | 164 ----------- .../plugin/store/file/ServiceFileStore.java | 7 +- .../service-defs/ranger-servicedef-hive.json | 37 +++ .../ranger/plugin/store/TestServiceStore.java | 2 +- .../services/hbase/TestRangerServiceHBase.java | 2 +- .../services/hdfs/TestRangerServiceHdfs.java | 2 +- .../hive/client/TestRangerServiceHive.java | 2 +- .../knox/client/TestRangerServiceKnox.java | 2 +- .../db/mysql/patches/009-updated_schema.sql | 238 ++++++++------- .../org/apache/ranger/biz/ServiceDBStore.java | 42 ++- .../org/apache/ranger/common/ServiceUtil.java | 12 +- .../apache/ranger/db/RangerDaoManagerBase.java | 4 + .../ranger/db/XXContextEnricherDefDao.java | 45 +++ .../ranger/db/XXPolicyConditionDefDao.java | 15 + .../ranger/entity/XXContextEnricherDef.java | 286 +++++++++++++++++++ .../org/apache/ranger/entity/XXResourceDef.java | 2 +- .../service/RangerServiceDefServiceBase.java | 24 ++ .../resources/META-INF/jpa_named_queries.xml | 13 + 25 files 
changed, 965 insertions(+), 360 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java index def53ef..ab80138 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java @@ -51,11 +51,12 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S private List<RangerResourceDef> resources = null; private List<RangerAccessTypeDef> accessTypes = null; private List<RangerPolicyConditionDef> policyConditions = null; + private List<RangerContextEnricherDef> contextEnrichers = null; private List<RangerEnumDef> enums = null; public RangerServiceDef() { - this(null, null, null, null, null, null, null, null, null); + this(null, null, null, null, null, null, null, null, null, null); } /** 
@@ -67,9 +68,10 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S * @param resources * @param accessTypes * @param policyConditions + * @param contextEnrichers * @param enums */ - public RangerServiceDef(String name, String implClass, String label, String description, List<RangerServiceConfigDef> configs, List<RangerResourceDef> resources, List<RangerAccessTypeDef> accessTypes, List<RangerPolicyConditionDef> policyConditions, List<RangerEnumDef> enums) { + public RangerServiceDef(String name, String implClass, String label, String description, List<RangerServiceConfigDef> configs, List<RangerResourceDef> resources, List<RangerAccessTypeDef> accessTypes, List<RangerPolicyConditionDef> policyConditions, List<RangerContextEnricherDef> contextEnrichers, List<RangerEnumDef> enums) { super(); setName(name); @@ -80,6 +82,7 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S setResources(resources); setAccessTypes(accessTypes); setPolicyConditions(policyConditions); + setContextEnrichers(contextEnrichers); setEnums(enums); } @@ -297,6 +300,34 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S } /** + * @return the contextEnrichers + */ + public List<RangerContextEnricherDef> getContextEnrichers() { + return contextEnrichers; + } + + /** + * @param contextEnrichers the contextEnrichers to set + */ + public void setContextEnrichers(List<RangerContextEnricherDef> contextEnrichers) { + if(this.contextEnrichers == null) { + this.contextEnrichers = new ArrayList<RangerContextEnricherDef>(); + } + + if(this.contextEnrichers == contextEnrichers) { + return; + } + + this.contextEnrichers.clear(); + + if(contextEnrichers != null) { + for(RangerContextEnricherDef contextEnricher : contextEnrichers) { + this.contextEnrichers.add(contextEnricher); + } + } + } + + /** * @return the enums */ public List<RangerEnumDef> getEnums() { 
@@ -385,6 +416,16 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S } sb.append("} "); + sb.append("contextEnrichers={"); + if(contextEnrichers != null) { + for(RangerContextEnricherDef contextEnricher : contextEnrichers) { + if(contextEnricher != null) { + contextEnricher.toString(sb); + } + } + } + sb.append("} "); + sb.append("enums={"); if(enums != null) { for(RangerEnumDef e : enums) { 
@@ -1367,4 +1408,84 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S return sb; } } + + public static class RangerContextEnricherDef implements java.io.Serializable { + private static final long serialVersionUID = 1L; + + private String name = null; + private String enricher = null; + private String enricherOptions = null; + + + public RangerContextEnricherDef() { + this(null, null, null); + } + + public RangerContextEnricherDef(String name, String enricher, String enricherOptions) { + setName(name); + setEnricher(enricher); + setEnricherOptions(enricherOptions); + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + /** + * @return the enricher + */ + public String getEnricher() { + return enricher; + } + + /** + * @param enricher the enricher to set + */ + public void setEnricher(String enricher) { + this.enricher = enricher; + } + + /** + * @return the evaluator + */ + public String getEnricherOptions() { + return enricherOptions; + } + + /** + * @param evaluator the evaluator to set + */ + public void setEnricherOptions(String enricherOptions) { + this.enricherOptions = enricherOptions; + } + + @Override + public String toString( ) { + StringBuilder sb = new StringBuilder(); + + toString(sb); + + return sb.toString(); + } + + public StringBuilder toString(StringBuilder sb) { + sb.append("RangerContextEnricherDef={"); + sb.append("name={").append(name).append("} "); + sb.append("enricher={").append(enricher).append("} "); + sb.append("enricherOptions={").append(enricherOptions).append("} "); + sb.append("}"); + + return sb; + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java ---------------------------------------------------------------------- 
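Review bot: The Javadoc on getEnricherOptions/setEnricherOptions was copied from another accessor and documents a non-existent `evaluator`; it should read `@return the enricherOptions` and `@param enricherOptions the enricherOptions to set`. The new class also has no comment saying what `enricher` holds — from the commit title and the `implClass` convention used elsewhere in RangerServiceDef it looks like a class name the plugin will instantiate, so a class comment along the lines of `/** Declares a context enricher for a service: a name, the enricher implementation (presumably a fully-qualified class name loaded by the plugin), and an opaque options string. */` would tell maintainers what they are looking at. If service-defs can be submitted through the admin API rather than only from the embedded JSON files, the comment should also say that the store accepting them is the place to restrict which classes may be named here, since this model performs no validation. The enclosing RangerServiceDef class starts outside the hunk.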
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java index e3535ac..60e3d7a 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java @@ -545,7 +545,8 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator } if(ret != null) { - ret.init(resourceDef, resource, options); + ret.initOptions(options); + ret.init(resourceDef, resource); } if(LOG.isDebugEnabled()) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java index 79a878f..56ca075 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerAbstractResourceMatcher.java 
@@ -35,12 +35,12 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; public abstract class RangerAbstractResourceMatcher implements RangerResourceMatcher { private static final Log LOG = LogFactory.getLog(RangerAbstractResourceMatcher.class); - public final String WILDCARD_PATTERN = ".*"; + public final static String WILDCARD_ASTERISK = "*"; - public final String OPTIONS_SEP = ";"; - public final String OPTION_NV_SEP = "="; - public final String OPTION_IGNORE_CASE = "ignoreCase"; - public final String OPTION_WILD_CARD = "wildCard"; + public final static String OPTIONS_SEP = ";"; + public final static String OPTION_NV_SEP = "="; + public final static String OPTION_IGNORE_CASE = "ignoreCase"; + public final static String OPTION_WILD_CARD = "wildCard"; private RangerResourceDef resourceDef = null; private RangerPolicyResource policyResource = null; @@ -55,13 +55,11 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat protected boolean isMatchAny = false; @Override - public void init(RangerResourceDef resourceDef, RangerPolicyResource policyResource, String optionsString) { + public void initOptions(String optionsString) { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerAbstractResourceMatcher.init(" + resourceDef + ", " + policyResource + ", " + optionsString + ")"); + LOG.debug("==> RangerAbstractResourceMatcher.initOptions(" + optionsString + ")"); } - this.resourceDef = resourceDef; - this.policyResource = policyResource; this.optionsString = optionsString; options = new HashMap<String, String>(); 
@@ -88,6 +86,20 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat optIgnoreCase = getBooleanOption(OPTION_IGNORE_CASE, true); optWildCard = getBooleanOption(OPTION_WILD_CARD, true); + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerAbstractResourceMatcher.initOptions(" + optionsString + ")"); + } + } + + @Override + public void init(RangerResourceDef resourceDef, RangerPolicyResource policyResource) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerAbstractResourceMatcher.init(" + resourceDef + ", " + policyResource + ")"); + } + + this.resourceDef = resourceDef; + this.policyResource = policyResource; + policyValues = new ArrayList<String>(); policyIsExcludes = policyResource == null ? false : policyResource.getIsExcludes(); @@ -101,11 +113,7 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat policyValue = policyValue.toLowerCase(); } - if(optWildCard) { - policyValue = getWildCardPattern(policyValue); - } - - if(policyValue.equals(WILDCARD_PATTERN)) { + if(StringUtils.containsOnly(policyValue, WILDCARD_ASTERISK)) { isMatchAny = true; } @@ -118,7 +126,7 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat } if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerAbstractResourceMatcher.init(" + resourceDef + ", " + policyResource + ", " + optionsString + ")"); + LOG.debug("<== RangerAbstractResourceMatcher.init(" + resourceDef + ", " + policyResource + ")"); } } @@ -151,7 +159,7 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat String policyValue = policyValues.get(0); if(isMatchAny) { - ret = StringUtils.equals(resource, "*"); + ret = StringUtils.containsOnly(resource, WILDCARD_ASTERISK); } else { ret = optIgnoreCase ? StringUtils.equalsIgnoreCase(resource, policyValue) : StringUtils.equals(resource, policyValue); } 
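Review bot: `StringUtils.containsOnly(policyValue, WILDCARD_ASTERISK)` returns true for the empty string (commons-lang documents `containsOnly("", *) = true`), so unless a guard above this hunk already skips empty values, a policy whose resource value is `""` now sets `isMatchAny = true` and matches every resource — the old `policyValue.equals(WILDCARD_PATTERN)` test did not have that property. Guard it explicitly: `if(StringUtils.isNotEmpty(policyValue) && StringUtils.containsOnly(policyValue, WILDCARD_ASTERISK)) {`. The same applies to the later hunk's `ret = StringUtils.containsOnly(resource, WILDCARD_ASTERISK);`, where an empty `resource` is now reported as matching a match-any policy value; `StringUtils.isNotEmpty(resource) && StringUtils.containsOnly(resource, WILDCARD_ASTERISK)` keeps the previous `equals(resource, "*")` behaviour for that case. Both enclosing methods start outside their hunks.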
@@ -205,13 +213,12 @@ public abstract class RangerAbstractResourceMatcher implements RangerResourceMat return ret; } - public static String getWildCardPattern(String policyValue) { - if (policyValue != null) { - policyValue = policyValue.replaceAll("\\?", "\\.") - .replaceAll("\\*", ".*") ; - } + public char getCharOption(String name, char defaultValue) { + String strVal = getOption(name); - return policyValue ; + char ret = StringUtils.isEmpty(strVal) ? defaultValue : strVal.charAt(0); + + return ret; } @Override http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java index 13500dc..c8d10d6 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerDefaultResourceMatcher.java 
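Review bot: getCharOption takes `strVal.charAt(0)` and silently discards the rest, so a misconfigured option such as `pathSeperatorChar=abc` is accepted with a value the administrator did not intend, and because this option drives path-boundary matching in RangerPathResourceMatcher a wrong value widens or narrows what policies cover. A length check with a warning is cheap: `if(strVal != null && strVal.length() > 1) { LOG.warn("option " + name + " has more than one character: '" + strVal + "'; using '" + strVal.charAt(0) + "'"); }`. The same hunk deletes the `public static getWildCardPattern`; if anything outside agents-common called it (not visible here), that is a breaking API change the commit message does not mention.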
@@ -20,30 +20,15 @@ package org.apache.ranger.plugin.resourcematcher; +import org.apache.commons.io.FilenameUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; -import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; public class RangerDefaultResourceMatcher extends RangerAbstractResourceMatcher { private static final Log LOG = LogFactory.getLog(RangerDefaultResourceMatcher.class); - - @Override - public void init(RangerResourceDef resourceDef, RangerPolicyResource policyResource, String optionsString) { - if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerDefaultResourceMatcher.init(" + resourceDef + ", " + policyResource + ", " + optionsString + ")"); - } - - super.init(resourceDef, policyResource, optionsString); - - if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerDefaultResourceMatcher.init(" + resourceDef + ", " + policyResource + ", " + optionsString + ")"); - } - } - @Override public boolean isMatch(String resource) { if(LOG.isDebugEnabled()) { @@ -58,7 +43,7 @@ public class RangerDefaultResourceMatcher extends RangerAbstractResourceMatcher } for(String policyValue : policyValues) { - ret = optWildCard ? resource.matches(policyValue) : StringUtils.equals(resource, policyValue); + ret = optWildCard ? FilenameUtils.wildcardMatch(resource, policyValue) : StringUtils.equals(resource, policyValue); if(ret) { break; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java ---------------------------------------------------------------------- 
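Review bot: Replacing `resource.matches(policyValue)` with `FilenameUtils.wildcardMatch(resource, policyValue)` changes what existing policy values mean and the commit does not say so: under the old regex translation a `.` in a policy value matched any character and `[`, `(`, `+` were regex syntax, whereas wildcardMatch treats everything except `?` and `*` literally. That is the safer semantics, but policies written against the old behaviour may now silently match less, so this deserves a release note and a comment on the line such as `// glob semantics: only '?' and '*' are special; every other character matches literally`. Case handling is also worth checking: init() lowercases policy values (apparently under the ignoreCase option) but wildcardMatch here is case-sensitive, so unless the caller lowercases `resource` before this loop (not visible in the hunk) the wildcard path ignores the option; `FilenameUtils.wildcardMatch(resource, policyValue, optIgnoreCase ? IOCase.INSENSITIVE : IOCase.SENSITIVE)` (needs `org.apache.commons.io.IOCase`) makes the intent explicit. The isMatch method starts outside the hunk.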
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java index 2cf3a68..6d9188d 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerPathResourceMatcher.java @@ -19,6 +19,9 @@ package org.apache.ranger.plugin.resourcematcher; +// import java.util.List; + +// import org.apache.commons.collections.CollectionUtils; import org.apache.commons.io.FilenameUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; 
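Review bot: The two commented-out imports added at the top of the file, `// import java.util.List;` and `// import org.apache.commons.collections.CollectionUtils;`, are dead code and should not be committed; nothing in this diff uses either type. If they are placeholders for a follow-up change, leave them out until that change needs them — the import list is the wrong place to park a reminder.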
@@ -30,20 +33,27 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher { private static final Log LOG = LogFactory.getLog(RangerPathResourceMatcher.class); - private boolean policyIsRecursive = false; + public static final String OPTION_PATH_SEPERATOR = "pathSeperatorChar"; + public static final char DEFAULT_PATH_SEPERATOR_CHAR = org.apache.hadoop.fs.Path.SEPARATOR_CHAR; + + private static final String SPECIAL_WILDCARD_CHARS = "?.*"; + + private boolean policyIsRecursive = false; + private char pathSeperatorChar = DEFAULT_PATH_SEPERATOR_CHAR; @Override - public void init(RangerResourceDef resourceDef, RangerPolicyResource policyResource, String optionsString) { + public void init(RangerResourceDef resourceDef, RangerPolicyResource policyResource) { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerPathResourceMatcher.init(" + resourceDef + ", " + policyResource + ", " + optionsString + ")"); + LOG.debug("==> RangerPathResourceMatcher.init(" + resourceDef + ", " + policyResource + ")"); } - super.init(resourceDef, policyResource, optionsString); + policyIsRecursive = policyResource == null ? false : policyResource.getIsRecursive(); + pathSeperatorChar = getCharOption(OPTION_PATH_SEPERATOR, DEFAULT_PATH_SEPERATOR_CHAR); - policyIsRecursive = policyResource == null ? false : policyResource.getIsRecursive(); + super.init(resourceDef, policyResource); if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerPathResourceMatcher.init(" + resourceDef + ", " + policyResource + ", " + optionsString + ")"); + LOG.debug("<== RangerPathResourceMatcher.init(" + resourceDef + ", " + policyResource + ")"); } } 
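Review bot: `OPTION_PATH_SEPERATOR = "pathSeperatorChar"` spells "separator" wrong, and because that string is the key administrators will put into resource-matcher options the misspelling becomes part of the configuration contract and cannot be corrected later without a compatibility shim; renaming now to `OPTION_PATH_SEPARATOR = "pathSeparatorChar"` (and `pathSeparatorChar`, `DEFAULT_PATH_SEPARATOR_CHAR`) is cheap. `SPECIAL_WILDCARD_CHARS = "?.*"` is not referenced anywhere in this diff; if it is unused it should be dropped, and if it is reserved for a later change it should carry a comment saying so. Reading `getCharOption(...)` before `super.init(...)` works only because initOptions() is a separate call that the evaluator makes first, which a one-line comment here would make visible.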
@@ -62,16 +72,16 @@ public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher { for(String policyValue : policyValues) { if(policyIsRecursive) { - ret = StringUtils.startsWith(resource, policyValue); - - if(! ret && optWildCard) { - ret = isRecursiveWildCardMatch(resource, policyValue) ; + if(optWildCard) { + ret = isRecursiveWildCardMatch(resource, policyValue, pathSeperatorChar) ; + } else { + ret = StringUtils.startsWith(resource, policyValue); } } else { - ret = StringUtils.equals(resource, policyValue); - - if(! ret && optWildCard) { + if(optWildCard) { ret = FilenameUtils.wildcardMatch(resource, policyValue); + } else { + ret = StringUtils.equals(resource, policyValue); } } 
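Review bot: The non-wildcard recursive branch, `ret = StringUtils.startsWith(resource, policyValue);`, is a plain prefix test with no separator boundary, so a recursive policy on `/data/secret` with `wildCard=false` also covers `/data/secretive/...`; the wildcard branch beside it respects boundaries because isRecursiveWildCardMatch only tests separator-delimited prefixes, so the two branches disagree on what "recursive" means. The option defaults to true, but the branch is reachable through configuration and should be boundary-safe: `String prefix = StringUtils.endsWith(policyValue, String.valueOf(pathSeperatorChar)) ? policyValue : policyValue + pathSeperatorChar;` followed by `ret = StringUtils.equals(resource, policyValue) || StringUtils.startsWith(resource, prefix);`. Note too that `FilenameUtils.wildcardMatch` lets `*` span separator characters, so a non-recursive policy on `/a/*/x` also matches `/a/b/c/x`; if that is not intended it needs handling, and either way the branch deserves a comment stating it. The isMatch method starts and ends outside the hunk.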
@@ -93,36 +103,40 @@ public class RangerPathResourceMatcher extends RangerAbstractResourceMatcher { return ret; } - - private static boolean isRecursiveWildCardMatch(String pathToCheck, String wildcardPath) { + + private boolean isRecursiveWildCardMatch(String pathToCheck, String wildcardPath, char pathSeperatorChar) { if(LOG.isDebugEnabled()) { - LOG.debug("==> RangerPathResourceMatcher.isRecursiveWildCardMatch(" + pathToCheck + ", " + wildcardPath + ")"); + LOG.debug("==> RangerPathResourceMatcher.isRecursiveWildCardMatch(" + pathToCheck + ", " + wildcardPath + ", " + pathSeperatorChar + ")"); } boolean ret = false; - if (pathToCheck != null) { - StringBuilder sb = new StringBuilder() ; + if (! StringUtils.isEmpty(pathToCheck)) { + StringBuilder sb = new StringBuilder(); + + if(pathToCheck.charAt(0) == pathSeperatorChar) { + sb.append(pathSeperatorChar); // preserve the initial seperator + } - for(String p : pathToCheck.split(org.apache.hadoop.fs.Path.SEPARATOR) ) { + for(String p : StringUtils.split(pathToCheck, pathSeperatorChar)) { sb.append(p); boolean matchFound = FilenameUtils.wildcardMatch(sb.toString(), wildcardPath) ; - + if (matchFound) { ret = true ; break; } - sb.append(org.apache.hadoop.fs.Path.SEPARATOR) ; + sb.append(pathSeperatorChar) ; } sb = null; } if(LOG.isDebugEnabled()) { - LOG.debug("<== RangerPathResourceMatcher.isRecursiveWildCardMatch(" + pathToCheck + ", " + wildcardPath + "): " + ret); + LOG.debug("<== RangerPathResourceMatcher.isRecursiveWildCardMatch(" + pathToCheck + ", " + wildcardPath + ", " + pathSeperatorChar + "): " + ret); } return ret; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java ---------------------------------------------------------------------- 
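Review bot: isRecursiveWildCardMatch was changed from static to an instance method yet still takes `pathSeperatorChar` as a parameter that shadows the field of the same name; either keep it `private static` (it uses no instance state) or drop the parameter and read the field, but not both. `sb = null;` after the loop does nothing — the builder is a local that goes out of scope on return — and should be removed. A one-line comment on the loop would help the next reader, e.g. `// test every separator-delimited prefix of pathToCheck against the pattern, so a policy on an ancestor path covers its descendants`.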
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java index 1368afb..c79e50c 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/resourcematcher/RangerResourceMatcher.java @@ -23,7 +23,9 @@ import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; public interface RangerResourceMatcher { - void init(RangerResourceDef resourceDef, RangerPolicyResource policyResource, String optionsString); + void initOptions(String optionsString); + + void init(RangerResourceDef resourceDef, RangerPolicyResource policyResource); RangerResourceDef getResourceDef(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java new file mode 100644 index 0000000..a7ad7b1 --- /dev/null +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/EmbeddedServiceDefsUtil.java 
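Review bot: Splitting init() into initOptions() and init() introduces an ordering contract the interface does not state: RangerPathResourceMatcher.init() calls `getCharOption(...)`, which only works after initOptions() has populated the options map, and RangerDefaultPolicyEvaluator now calls the two in that order. Document it on the interface, e.g. `/** Parses the matcher's option string; must be called before init(). */` on initOptions and `/** Binds the matcher to a resource definition and policy resource; implementations may read options here, so initOptions() must already have been called. */` on init. Consider also having RangerAbstractResourceMatcher.init() check for a null options map and fail with a clear message rather than whatever getOption() does in that state (presumably a NullPointerException; not visible here).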
@@ -0,0 +1,166 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.store; + +import java.io.InputStream; +import java.io.InputStreamReader; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; +import org.apache.ranger.plugin.model.RangerServiceDef; + +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; + +/* + * This utility class deals with service-defs embedded in ranger-plugins-common + * library (hdfs/hbase/hive/knox/storm/..). If any of these service-defs + * don't exist in the given service store, they will be created in the store + * using the embedded definitions. + * + * init() method should be called from ServiceStore implementations to + * initialize embedded service-defs. 
+ */ +public class EmbeddedServiceDefsUtil { + private static final Log LOG = LogFactory.getLog(EmbeddedServiceDefsUtil.class); + + + public static final String EMBEDDED_SERVICEDEF_HDFS_NAME = "hdfs"; + public static final String EMBEDDED_SERVICEDEF_HBASE_NAME = "hbase"; + public static final String EMBEDDED_SERVICEDEF_HIVE_NAME = "hive"; + public static final String EMBEDDED_SERVICEDEF_KNOX_NAME = "knox"; + public static final String EMBEDDED_SERVICEDEF_STORM_NAME = "storm"; + public static final String PROPERTY_CREATE_EMBEDDED_SERVICE_DEFS = "ranger.service.store.create.embedded.service-defs"; + + private static EmbeddedServiceDefsUtil instance = new EmbeddedServiceDefsUtil(); + + private boolean createEmbeddedServiceDefs = true; + private RangerServiceDef hdfsServiceDef = null; + private RangerServiceDef hBaseServiceDef = null; + private RangerServiceDef hiveServiceDef = null; + private RangerServiceDef knoxServiceDef = null; + private RangerServiceDef stormServiceDef = null; + + private Gson gsonBuilder = null; + + + /* private constructor to restrict instantiation of this singleton utility class */ + private EmbeddedServiceDefsUtil() { + } + + public static EmbeddedServiceDefsUtil instance() { + return instance; + } + + public void init(ServiceStore store) { + LOG.info("==> EmbeddedServiceDefsUtil.init()"); + + try { + createEmbeddedServiceDefs = RangerConfiguration.getInstance().getBoolean(PROPERTY_CREATE_EMBEDDED_SERVICE_DEFS, true); + + gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create(); + + hdfsServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_HDFS_NAME); + hBaseServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_HBASE_NAME); + hiveServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_HIVE_NAME); + knoxServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_KNOX_NAME); + stormServiceDef = getOrCreateServiceDef(store, EMBEDDED_SERVICEDEF_STORM_NAME); + } catch(Throwable 
excp) { + LOG.fatal("EmbeddedServiceDefsUtil.init(): failed", excp); + } + + + LOG.info("<== EmbeddedServiceDefsUtil.init()"); + } + + public long getHdfsServiceDefId() { + return getId(hdfsServiceDef); + } + + public long getHBaseServiceDefId() { + return getId(hBaseServiceDef); + } + + public long getHiveServiceDefId() { + return getId(hiveServiceDef); + } + + public long getKnoxServiceDefId() { + return getId(knoxServiceDef); + } + + public long getStormServiceDefId() { + return getId(stormServiceDef); + } + + + private long getId(RangerServiceDef serviceDef) { + return serviceDef == null || serviceDef.getId() == null ? -1 : serviceDef.getId().longValue(); + } + + private RangerServiceDef getOrCreateServiceDef(ServiceStore store, String serviceDefName) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> EmbeddedServiceDefsUtil.getOrCreateServiceDef(" + serviceDefName + ")"); + } + + RangerServiceDef ret = null; + + try { + ret = store.getServiceDefByName(serviceDefName); + if(ret == null && createEmbeddedServiceDefs) { + ret = loadEmbeddedServiceDef(serviceDefName); + + LOG.info("creating embedded service-def " + serviceDefName); + store.createServiceDef(ret); + } + } catch(Exception excp) { + LOG.fatal("EmbeddedServiceDefsUtil.getOrCreateServiceDef(): failed to load/create serviceType " + serviceDefName, excp); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== EmbeddedServiceDefsUtil.getOrCreateServiceDef(" + serviceDefName + "): " + ret); + } + + return ret; + } + + private RangerServiceDef loadEmbeddedServiceDef(String serviceType) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> EmbeddedServiceDefsUtil.loadEmbeddedServiceDef(" + serviceType + ")"); + } + + RangerServiceDef ret = null; + + String resource = "/service-defs/ranger-servicedef-" + serviceType + ".json"; + + InputStream inStream = getClass().getResourceAsStream(resource); + + InputStreamReader reader = new InputStreamReader(inStream); + + ret = gsonBuilder.fromJson(reader, 
RangerServiceDef.class); + + if(LOG.isDebugEnabled()) { + LOG.debug("==> EmbeddedServiceDefsUtil.loadEmbeddedServiceDef(" + serviceType + ")"); + } + + return ret; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/agents-common/src/main/java/org/apache/ranger/plugin/store/LegacyServiceDefsUtil.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/LegacyServiceDefsUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/LegacyServiceDefsUtil.java deleted file mode 100644 index 491e1e9..0000000 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/LegacyServiceDefsUtil.java +++ /dev/null 
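Review bot: loadEmbeddedServiceDef passes the result of `getClass().getResourceAsStream(resource)` straight into `new InputStreamReader(inStream)` without a null check, never closes the reader, and uses the platform default charset, so a missing or misnamed `/service-defs/ranger-servicedef-<type>.json` surfaces as a NullPointerException logged by getOrCreateServiceDef instead of a message naming the resource, and an empty file makes Gson return null, which then reaches `store.createServiceDef(ret)`. The exit debug log also prints `==>` where the rest of the file uses `<==`. The rewrite below closes the stream, reads it as UTF-8, names the resource in the error and rejects a null result; the rest of the file is unchanged. Separately, init() catches Throwable and only logs at fatal, so the admin process keeps running with some embedded service-defs missing — that may be intended, but a comment on the catch saying so would spare the next reader the guess.

```java
private RangerServiceDef loadEmbeddedServiceDef(String serviceType) throws Exception {
    // … unchanged: entry debug log …

    String resource = "/service-defs/ranger-servicedef-" + serviceType + ".json";

    InputStream inStream = getClass().getResourceAsStream(resource);

    if(inStream == null) {
        throw new java.io.IOException("embedded service-def not found on classpath: " + resource);
    }

    RangerServiceDef ret = null;
    InputStreamReader reader = new InputStreamReader(inStream, "UTF-8");

    try {
        ret = gsonBuilder.fromJson(reader, RangerServiceDef.class);
    } finally {
        reader.close(); // also closes inStream
    }

    if(ret == null) {
        throw new java.io.IOException("embedded service-def is empty: " + resource);
    }

    if(LOG.isDebugEnabled()) {
        LOG.debug("<== EmbeddedServiceDefsUtil.loadEmbeddedServiceDef(" + serviceType + "): " + ret);
    }

    return ret;
}
```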
@@ -1,164 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.ranger.plugin.store; - -import java.io.InputStream; -import java.io.InputStreamReader; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; -import org.apache.ranger.plugin.model.RangerServiceDef; - -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; - -/* - * This utility class deals with service-def for legacy services hdfs/hbase/hive/knox/storm. - * If any of service-defs don't exist in the given service store, they will be created in - * the store using the definitions embedded in ranger-plugins-common.jar. - * - * init() method should be called from ServiceStore implementations to initialize legacy service-defs. 
- */ -public class LegacyServiceDefsUtil { - private static final Log LOG = LogFactory.getLog(LegacyServiceDefsUtil.class); - - - public static final String LEGACY_SERVICEDEF_HDFS_NAME = "hdfs"; - public static final String LEGACY_SERVICEDEF_HBASE_NAME = "hbase"; - public static final String LEGACY_SERVICEDEF_HIVE_NAME = "hive"; - public static final String LEGACY_SERVICEDEF_KNOX_NAME = "knox"; - public static final String LEGACY_SERVICEDEF_STORM_NAME = "storm"; - public static final String PROPERTY_CREATE_LEGACY_SERVICE_DEFS = "ranger.service.store.create.legacy.service-defs"; - - private static LegacyServiceDefsUtil instance = new LegacyServiceDefsUtil(); - - private boolean createLegacyServiceDefs = true; - private RangerServiceDef hdfsServiceDef = null; - private RangerServiceDef hBaseServiceDef = null; - private RangerServiceDef hiveServiceDef = null; - private RangerServiceDef knoxServiceDef = null; - private RangerServiceDef stormServiceDef = null; - - private Gson gsonBuilder = null; - - - /* private constructor to restrict instantiation of this singleton utility class */ - private LegacyServiceDefsUtil() { - } - - public static LegacyServiceDefsUtil instance() { - return instance; - } - - public void init(ServiceStore store) { - LOG.info("==> LegacyServiceDefsUtil.init()"); - - try { - createLegacyServiceDefs = RangerConfiguration.getInstance().getBoolean(PROPERTY_CREATE_LEGACY_SERVICE_DEFS, true); - - gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create(); - - hdfsServiceDef = getOrCreateServiceDef(store, LEGACY_SERVICEDEF_HDFS_NAME); - hBaseServiceDef = getOrCreateServiceDef(store, LEGACY_SERVICEDEF_HBASE_NAME); - hiveServiceDef = getOrCreateServiceDef(store, LEGACY_SERVICEDEF_HIVE_NAME); - knoxServiceDef = getOrCreateServiceDef(store, LEGACY_SERVICEDEF_KNOX_NAME); - stormServiceDef = getOrCreateServiceDef(store, LEGACY_SERVICEDEF_STORM_NAME); - } catch(Throwable excp) { - 
LOG.fatal("LegacyServiceDefsUtil.init(): failed", excp); - } - - - LOG.info("<== LegacyServiceDefsUtil.init()"); - } - - public long getHdfsServiceDefId() { - return getId(hdfsServiceDef); - } - - public long getHBaseServiceDefId() { - return getId(hBaseServiceDef); - } - - public long getHiveServiceDefId() { - return getId(hiveServiceDef); - } - - public long getKnoxServiceDefId() { - return getId(knoxServiceDef); - } - - public long getStormServiceDefId() { - return getId(stormServiceDef); - } - - - private long getId(RangerServiceDef serviceDef) { - return serviceDef == null || serviceDef.getId() == null ? -1 : serviceDef.getId().longValue(); - } - - private RangerServiceDef getOrCreateServiceDef(ServiceStore store, String serviceDefName) { - if(LOG.isDebugEnabled()) { - LOG.debug("==> LegacyServiceDefsUtil.getOrCreateServiceDef(" + serviceDefName + ")"); - } - - RangerServiceDef ret = null; - - try { - ret = store.getServiceDefByName(serviceDefName); - if(ret == null && createLegacyServiceDefs) { - ret = loadLegacyServiceDef(serviceDefName); - - LOG.info("creating legacy service-def " + serviceDefName); - store.createServiceDef(ret); - } - } catch(Exception excp) { - LOG.fatal("LegacyServiceDefsUtil.getOrCreateServiceDef(): failed to load/create serviceType " + serviceDefName, excp); - } - - if(LOG.isDebugEnabled()) { - LOG.debug("<== LegacyServiceDefsUtil.getOrCreateServiceDef(" + serviceDefName + "): " + ret); - } - - return ret; - } - - private RangerServiceDef loadLegacyServiceDef(String serviceType) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> LegacyServiceDefsUtil.loadLegacyServiceDef(" + serviceType + ")"); - } - - RangerServiceDef ret = null; - - String resource = "/service-defs/ranger-servicedef-" + serviceType + ".json"; - - InputStream inStream = getClass().getResourceAsStream(resource); - - InputStreamReader reader = new InputStreamReader(inStream); - - ret = gsonBuilder.fromJson(reader, RangerServiceDef.class); - - 
if(LOG.isDebugEnabled()) { - LOG.debug("==> LegacyServiceDefsUtil.loadLegacyServiceDef(" + serviceType + ")"); - } - - return ret; - } -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java index bbde42d..28e5c8c 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java @@ -31,6 +31,7 @@ import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections.MapUtils; import org.apache.commons.collections.Predicate; import org.apache.commons.collections.PredicateUtils; +import org.apache.commons.io.FilenameUtils; import org.apache.commons.lang.ObjectUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; @@ -45,7 +46,7 @@ import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; import org.apache.ranger.plugin.resourcematcher.RangerAbstractResourceMatcher; -import org.apache.ranger.plugin.store.LegacyServiceDefsUtil; +import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; import org.apache.ranger.plugin.store.ServiceStore; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.plugin.util.ServicePolicies; 
@@ -93,7 +94,7 @@ public class ServiceFileStore extends BaseFileStore implements ServiceStore { super.initStore(dataDir); - LegacyServiceDefsUtil.instance().init(this); + EmbeddedServiceDefsUtil.instance().init(this); if(LOG.isDebugEnabled()) { LOG.debug("<== ServiceFileStore.init()"); @@ -1516,7 +1517,7 @@ public class ServiceFileStore extends BaseFileStore implements ServiceStore { isMatch = true; } else { for(String policyResourceValue : policyResource.getValues()) { - if(val.matches(RangerAbstractResourceMatcher.getWildCardPattern(policyResourceValue))) { + if(FilenameUtils.wildcardMatch(val, policyResourceValue)) { isMatch = true; break; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json ---------------------------------------------------------------------- diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json index 6414fe3..4ebadfb 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json 
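Review bot: The replacement `FilenameUtils.wildcardMatch(val, policyResourceValue)` in the search-filter loop is case-sensitive (`IOCase.SENSITIVE`) and treats `?` as a one-character wildcard, which is not necessarily what `RangerAbstractResourceMatcher.getWildCardPattern` produced, so policy searches can start missing or over-matching resources whose names differ only by case or that contain a literal `?`. If the previous regex was case-insensitive, pass the case explicitly, `FilenameUtils.wildcardMatch(val, policyResourceValue, IOCase.INSENSITIVE)`, or better, delegate to the resource matcher configured on the service-def so that search results and enforcement agree on what a value matches. The old behaviour cannot be confirmed from this hunk, and the enclosing method starts and ends outside it.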
@@ -37,7 +37,44 @@ {"name":"lock", "label":"Lock"}, {"name":"all", "label":"All"} ], + "contextEnrichers": + [ + { + "name":"country-provider", + "enricher":"org.apache.ranger.plugin.contextenricher.RangerCountryProvider", + "enricherOptions":"" + }, + { + "name":"project-provider", + "enricher":"org.apache.ranger.plugin.contextenricher.RangerProjectProvider", + "enricherOptions":"" + } + ] + , "policyConditions": [ + { + "name":"country", + "evaluator":"org.apache.ranger.plugin.conditionevaluator.RangerCountryMatcher", + "evaluatorOptions":"", + "label":"Countries", + "description":"Countries" + } + , + { + "name":"project", + "evaluator":"org.apache.ranger.plugin.conditionevaluator.RangerProjectMatcher", + "evaluatorOptions":"", + "label":"Projects", + "description":"Projects" + } + , + { + "name":"timeOfDay", + "evaluator":"org.apache.ranger.plugin.conditionevaluator.RangerTimeOfDayMatcher", + "evaluatorOptions":"", + "label":"Time of Day", + "description":"Time of Day" + } ] } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/agents-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java b/agents-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java index 6e1e862..001fb10 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/store/TestServiceStore.java 
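Review bot: The new `contextEnrichers` and `policyConditions` entries carry fully-qualified class names (`enricher`, `evaluator`) that the plugin presumably instantiates by reflection, so whoever can create or update a service-def through the admin store now decides which classes every plugin for that service loads; nothing in the definition restricts those names to a known package or interface. At load time the plugin should at least verify that the class implements the expected enricher/evaluator interface and log, rather than silently skip, a class that cannot be loaded, and the admin side should treat these fields as privileged input. `RangerCountryProvider`, `RangerProjectProvider` and the three matcher classes are now part of the default hive service-def shipped in the jar; confirm they actually exist on the plugin classpath, since a hive plugin initialising against a missing class would otherwise fail or lose these conditions (which of the two happens cannot be seen from this hunk).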
@@ -76,7 +76,7 @@ public class TestServiceStore { int initSdCount = sds == null ? 0 : sds.size(); - RangerServiceDef sd = new RangerServiceDef(sdName, "org.apache.ranger.services.TestService", "TestService", "test servicedef description", null, null, null, null, null); + RangerServiceDef sd = new RangerServiceDef(sdName, "org.apache.ranger.services.TestService", "TestService", "test servicedef description", null, null, null, null, null, null); RangerServiceDef createdSd = svcStore.createServiceDef(sd); assertNotNull("createServiceDef() failed", createdSd != null); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/hbase-agent/src/test/java/org/apache/ranger/services/hbase/TestRangerServiceHBase.java ---------------------------------------------------------------------- diff --git a/hbase-agent/src/test/java/org/apache/ranger/services/hbase/TestRangerServiceHBase.java b/hbase-agent/src/test/java/org/apache/ranger/services/hbase/TestRangerServiceHBase.java index 0db4124..fcebd5d 100644 --- a/hbase-agent/src/test/java/org/apache/ranger/services/hbase/TestRangerServiceHBase.java +++ b/hbase-agent/src/test/java/org/apache/ranger/services/hbase/TestRangerServiceHBase.java 
@@ -57,7 +57,7 @@ public class TestRangerServiceHBase { buildHbaseConnectionConfig(); buildLookupContext(); - sd = new RangerServiceDef(sdName, "org.apache.ranger.services.hbase.RangerServiceHBase", "TestService", "test servicedef description", null, null, null, null, null); + sd = new RangerServiceDef(sdName, "org.apache.ranger.services.hbase.RangerServiceHBase", "TestService", "test servicedef description", null, null, null, null, null, null); svc = new RangerService(sdName, serviceName, "unit test hbase resource lookup and validateConfig", configs); svcHBase = new RangerServiceHBase(); svcHBase.init(sd, svc); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/TestRangerServiceHdfs.java ---------------------------------------------------------------------- diff --git a/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/TestRangerServiceHdfs.java b/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/TestRangerServiceHdfs.java index f29b4fe..ceaa5b2 100644 --- a/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/TestRangerServiceHdfs.java +++ b/hdfs-agent/src/test/java/org/apache/ranger/services/hdfs/TestRangerServiceHdfs.java 
@@ -55,7 +55,7 @@ public class TestRangerServiceHdfs { buildHdfsConnectionConfig(); buildLookupContext(); - sd = new RangerServiceDef(sdName, "org.apache.ranger.service.hdfs.RangerServiceHdfs", "TestService", "test servicedef description", null, null, null, null, null); + sd = new RangerServiceDef(sdName, "org.apache.ranger.service.hdfs.RangerServiceHdfs", "TestService", "test servicedef description", null, null, null, null, null, null); svc = new RangerService(sdName, serviceName, "unit test hdfs resource lookup and validateConfig",configs); svcHdfs = new RangerServiceHdfs(); svcHdfs.init(sd, svc); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/hive-agent/src/test/java/org/apache/ranger/services/hive/client/TestRangerServiceHive.java ---------------------------------------------------------------------- diff --git a/hive-agent/src/test/java/org/apache/ranger/services/hive/client/TestRangerServiceHive.java b/hive-agent/src/test/java/org/apache/ranger/services/hive/client/TestRangerServiceHive.java index 414484c..9dcda6d 100644 --- a/hive-agent/src/test/java/org/apache/ranger/services/hive/client/TestRangerServiceHive.java +++ b/hive-agent/src/test/java/org/apache/ranger/services/hive/client/TestRangerServiceHive.java 
@@ -56,7 +56,7 @@ public class TestRangerServiceHive { buildHbaseConnectionConfig(); buildLookupContext(); - sd = new RangerServiceDef(sdName, "org.apache.ranger.services.hive.RangerServiceHive", "TestHiveService", "test servicedef description", null, null, null, null, null); + sd = new RangerServiceDef(sdName, "org.apache.ranger.services.hive.RangerServiceHive", "TestHiveService", "test servicedef description", null, null, null, null, null, null); svc = new RangerService(sdName, serviceName, "unit test hive resource lookup and validateConfig", configs); svcHive = new RangerServiceHive(); svcHive.init(sd, svc); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/knox-agent/src/test/java/org/apache/ranger/services/knox/client/TestRangerServiceKnox.java ---------------------------------------------------------------------- diff --git a/knox-agent/src/test/java/org/apache/ranger/services/knox/client/TestRangerServiceKnox.java b/knox-agent/src/test/java/org/apache/ranger/services/knox/client/TestRangerServiceKnox.java index e83558e..ba95790 100644 --- a/knox-agent/src/test/java/org/apache/ranger/services/knox/client/TestRangerServiceKnox.java +++ b/knox-agent/src/test/java/org/apache/ranger/services/knox/client/TestRangerServiceKnox.java 
@@ -59,7 +59,7 @@ public class TestRangerServiceKnox { buildHbaseConnectionConfig(); buildLookupContext(); - sd = new RangerServiceDef(sdName, " org.apache.ranger.services.knox.RangerServiceKnox", "TestKnoxService", "test Knox servicedef description", null, null, null, null, null); + sd = new RangerServiceDef(sdName, " org.apache.ranger.services.knox.RangerServiceKnox", "TestKnoxService", "test Knox servicedef description", null, null, null, null, null, null); svc = new RangerService(sdName, serviceName, "unit test Knox resource lookup and validateConfig", configs); svcKnox = new RangerServiceKnox(); svcKnox.init(sd, svc); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/security-admin/db/mysql/patches/009-updated_schema.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/mysql/patches/009-updated_schema.sql b/security-admin/db/mysql/patches/009-updated_schema.sql index ef1c1ed..334c37e 100644 --- a/security-admin/db/mysql/patches/009-updated_schema.sql +++ b/security-admin/db/mysql/patches/009-updated_schema.sql @@ -13,9 +13,12 @@ -- See the License for the specific language governing permissions and -- limitations under the License. +-- Temporary table structure for view `vx_trx_log` +-- + DROP TABLE IF EXISTS `x_service_def`; CREATE TABLE `x_service_def` ( -`id` bigint(20) NOT NULL AUTO_INCREMENT, +`id` bigint(20) NOT NULL AUTO_INCREMENT , `guid` varchar(1024) DEFAULT NULL, `create_time` datetime DEFAULT NULL, `update_time` datetime DEFAULT NULL, @@ -29,7 +32,7 @@ CREATE TABLE `x_service_def` ( `rb_key_label` varchar(1024) DEFAULT NULL, `rb_key_description` varchar(1024) DEFAULT NULL, `is_enabled` tinyint DEFAULT 1, -primary key (`id`), +primary key (`id`), KEY `x_service_def_added_by_id` (`added_by_id`), KEY `x_service_def_upd_by_id` (`upd_by_id`), KEY `x_service_def_cr_time` (`create_time`), 
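Review bot: The comment added above `x_service_def`, ``-- Temporary table structure for view `vx_trx_log` ``, describes a different object and will mislead the next person editing this patch; replace it with one that names what follows, e.g. `-- Service-def, service and policy model tables (RANGER-256)`. More importantly, this hunk edits an already numbered patch file in place: a database on which 009 has already been applied will not pick up the new `x_context_enricher_def` table and renamed constraints added later in this file if the patch runner applies each number once, while re-running the file would execute its `DROP TABLE IF EXISTS` statements and discard any policies already stored in these tables. Whether 009 has shipped anywhere cannot be seen from the diff; if it has, the additions belong in a new patch number rather than here.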
@@ -40,8 +43,8 @@ CONSTRAINT `x_service_def_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_ DROP TABLE IF EXISTS `x_service`; -CREATE TABLE `x_service`( -`id` bigint(20) NOT NULL AUTO_INCREMENT, +CREATE TABLE `x_service` ( +`id` bigint(20) NOT NULL AUTO_INCREMENT , `guid` varchar(1024) DEFAULT NULL, `create_time` datetime DEFAULT NULL, `update_time` datetime DEFAULT NULL, @@ -49,26 +52,26 @@ CREATE TABLE `x_service`( `upd_by_id` bigint(20) DEFAULT NULL, `version` bigint(20) DEFAULT NULL, `type` bigint(20) DEFAULT NULL, -`name` varchar(512) DEFAULT NULL, +`name` varchar(512) DEFAULT NULL, `policy_version` bigint(20) DEFAULT NULL, `policy_update_time`datetime DEFAULT NULL, `description` varchar(1024) DEFAULT NULL, -`is_enabled` tinyint(1) NOT NULL DEFAULT '0', +`is_enabled` tinyint(1) NOT NULL DEFAULT '0', primary key (`id`), UNIQUE KEY `X_service_name` (`name`), KEY `x_service_added_by_id` (`added_by_id`), KEY `x_service_upd_by_id` (`upd_by_id`), KEY `x_service_cr_time` (`create_time`), KEY `x_service_up_time` (`update_time`), -KEY `x_service_type` (`type`), +KEY `x_service_type` (`type`), CONSTRAINT `x_service_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), CONSTRAINT `x_service_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`), -CONSTRAINT `x_service_FK_type` FOREIGN KEY (`type`) REFERENCES `x_service_def` (`id`) +CONSTRAINT `x_service_FK_type` FOREIGN KEY (`type`) REFERENCES `x_service_def` (`id`) ); DROP TABLE IF EXISTS `x_policy`; -CREATE TABLE `x_policy` ( -`id` bigint(20) NOT NULL AUTO_INCREMENT, +CREATE TABLE `x_policy` ( +`id` bigint(20) NOT NULL AUTO_INCREMENT , `guid` varchar(1024) DEFAULT NULL, `create_time` datetime DEFAULT NULL, `update_time` datetime DEFAULT NULL, 
@@ -95,14 +98,14 @@ CONSTRAINT `x_policy_FK_service` FOREIGN KEY (`service`) REFERENCES `x_service` DROP TABLE IF EXISTS `x_service_config_def`; CREATE TABLE `x_service_config_def` ( -`id` bigint(20) NOT NULL AUTO_INCREMENT, +`id` bigint(20) NOT NULL AUTO_INCREMENT , `guid` varchar(1024) DEFAULT NULL, `create_time` datetime DEFAULT NULL, `update_time` datetime DEFAULT NULL, `added_by_id` bigint(20) DEFAULT NULL, `upd_by_id` bigint(20) DEFAULT NULL, `def_id` bigint(20) NOT NULL, -`name` varchar(1024) DEFAULT NULL, +`name` varchar(1024) DEFAULT NULL, `type` varchar(1024) DEFAULT NULL, `sub_type` varchar(1024) DEFAULT NULL, `is_mandatory` tinyint(1) NOT NULL DEFAULT '0', 
@@ -113,39 +116,39 @@ CREATE TABLE `x_service_config_def` ( `rb_key_decription` varchar(1024) DEFAULT NULL, `sort_order` tinyint(3) DEFAULT '0', primary key (`id`), -CONSTRAINT `x_service_conf_def_FK_defid` FOREIGN KEY (`def_id`) REFERENCES `x_service_def` (`id`), -CONSTRAINT `x_service_conf_def_FK_added_by` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), -CONSTRAINT `x_service_conf_def_FK_upd_by` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) +CONSTRAINT `x_service_config_def_FK_defid` FOREIGN KEY (`def_id`) REFERENCES `x_service_def` (`id`), +CONSTRAINT `x_service_config_def_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), +CONSTRAINT `x_service_config_def_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) ); DROP TABLE IF EXISTS `x_resource_def`; CREATE TABLE `x_resource_def` ( -`id` bigint(20) NOT NULL AUTO_INCREMENT, +`id` bigint(20) NOT NULL AUTO_INCREMENT , `guid` varchar(1024) DEFAULT NULL, `create_time` datetime DEFAULT NULL, `update_time` datetime DEFAULT NULL, `added_by_id` bigint(20) DEFAULT NULL, `upd_by_id` bigint(20) DEFAULT NULL, -`def_id` bigint(20) NOT NULL, +`def_id` bigint(20) NOT NULL, `name` varchar(1024) DEFAULT NULL, -`type` varchar(1024) DEFAULT NULL, -`res_level` bigint(20) DEFAULT NULL, -`parent` bigint(20) DEFAULT NULL, +`type` varchar(1024) DEFAULT NULL, +`res_level` bigint(20) DEFAULT NULL, +`parent` bigint(20) DEFAULT NULL, `mandatory` tinyint(1) NOT NULL DEFAULT '0', `look_up_supported` tinyint(1) NOT NULL DEFAULT '0', `recursive_supported` tinyint(1) NOT NULL DEFAULT '0', `excludes_supported` tinyint(1) NOT NULL DEFAULT '0', `matcher` varchar(1024) DEFAULT NULL, `matcher_options` varchar(1024) DEFAULT NULL, -`label` varchar(1024) DEFAULT NULL, -`description` varchar(1024) DEFAULT NULL, -`rb_key_label` varchar(1024) DEFAULT NULL, -`rb_key_description` varchar(1024) DEFAULT NULL, -`sort_order` tinyint(3) DEFAULT '0', +`label` varchar(1024) DEFAULT NULL, 
+`description` varchar(1024) DEFAULT NULL, +`rb_key_label` varchar(1024) DEFAULT NULL, +`rb_key_description` varchar(1024) DEFAULT NULL, +`sort_order` tinyint(3) DEFAULT '0', primary key (`id`), -KEY `x_resource_def_FK_parent` (`parent`), -CONSTRAINT `x_resource_def_FK_parent` FOREIGN KEY (`parent`) REFERENCES `x_resource_def` (`id`), +KEY `x_resource_def_FK_parent` (`parent`), +CONSTRAINT `x_resource_def_FK_parent` FOREIGN KEY (`parent`) REFERENCES `x_resource_def` (`id`) , CONSTRAINT `x_resource_def_FK_defid` FOREIGN KEY (`def_id`) REFERENCES `x_service_def` (`id`), CONSTRAINT `x_resource_def_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), CONSTRAINT `x_resource_def_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) 
@@ -153,33 +156,33 @@ CONSTRAINT `x_resource_def_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x DROP TABLE IF EXISTS `x_access_type_def`; CREATE TABLE `x_access_type_def` ( -`id` bigint(20) NOT NULL AUTO_INCREMENT, +`id` bigint(20) NOT NULL AUTO_INCREMENT , `guid` varchar(1024) DEFAULT NULL, `create_time` datetime DEFAULT NULL, `update_time` datetime DEFAULT NULL, `added_by_id` bigint(20) DEFAULT NULL, `upd_by_id` bigint(20) DEFAULT NULL, -`def_id` bigint(20) NOT NULL, -`name` varchar(1024) DEFAULT NULL, -`label` varchar(1024) DEFAULT NULL, -`rb_key_label` varchar(1024) DEFAULT NULL, -`sort_order` tinyint(3) DEFAULT '0', -primary key (`id`), +`def_id` bigint(20) NOT NULL, +`name` varchar(1024) DEFAULT NULL, +`label` varchar(1024) DEFAULT NULL, +`rb_key_label` varchar(1024) DEFAULT NULL, +`sort_order` tinyint(3) DEFAULT '0', +primary key (`id`) , CONSTRAINT `x_access_type_def_FK_defid` FOREIGN KEY (`def_id`) REFERENCES `x_service_def` (`id`), -CONSTRAINT `x_access_type_def_FK_added_by` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), -CONSTRAINT `x_access_type_def_FK_upd_by` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) +CONSTRAINT `x_access_type_def_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), +CONSTRAINT `x_access_type_def_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) ); DROP TABLE IF EXISTS `x_access_type_def_grants`; CREATE TABLE `x_access_type_def_grants` ( -`id` bigint(20) NOT NULL AUTO_INCREMENT, +`id` bigint(20) NOT NULL AUTO_INCREMENT , `guid` varchar(1024) DEFAULT NULL, `create_time` datetime DEFAULT NULL, `update_time` datetime DEFAULT NULL, `added_by_id` bigint(20) DEFAULT NULL, `upd_by_id` bigint(20) DEFAULT NULL, -`atd_id` bigint(20) NOT NULL, -`implied_grant` varchar(1024) DEFAULT NULL, +`atd_id` bigint(20) NOT NULL, +`implied_grant` varchar(1024) DEFAULT NULL, primary key (`id`), CONSTRAINT `x_atd_grants_FK_atdid` FOREIGN KEY (`atd_id`) REFERENCES 
`x_access_type_def` (`id`), CONSTRAINT `x_atd_grants_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), 
@@ -188,86 +191,105 @@ CONSTRAINT `x_atd_grants_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_p DROP TABLE IF EXISTS `x_policy_condition_def`; CREATE TABLE `x_policy_condition_def` ( -`id` bigint(20) NOT NULL AUTO_INCREMENT, +`id` bigint(20) NOT NULL AUTO_INCREMENT , `guid` varchar(1024) DEFAULT NULL, `create_time` datetime DEFAULT NULL, `update_time` datetime DEFAULT NULL, `added_by_id` bigint(20) DEFAULT NULL, `upd_by_id` bigint(20) DEFAULT NULL, -`def_id` bigint(20) NOT NULL, -`name` varchar(1024) DEFAULT NULL, +`def_id` bigint(20) NOT NULL, +`name` varchar(1024) DEFAULT NULL, `evaluator` varchar(1024) DEFAULT NULL, `evaluator_options` varchar(1024) DEFAULT NULL, -`label` varchar(1024) DEFAULT NULL, -`description` varchar(1024) DEFAULT NULL, -`rb_key_label` varchar(1024) DEFAULT NULL, -`rb_key_description` varchar(1024) DEFAULT NULL, +`label` varchar(1024) DEFAULT NULL, +`description` varchar(1024) DEFAULT NULL, +`rb_key_label` varchar(1024) DEFAULT NULL, +`rb_key_description` varchar(1024) DEFAULT NULL, `sort_order` tinyint(3) DEFAULT '0', -primary key (`id`), -CONSTRAINT `x_policy_cond_def_FK_defid` FOREIGN KEY (`def_id`) REFERENCES `x_service_def` (`id`), -CONSTRAINT `x_policy_cond_def_FK_added_by` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), -CONSTRAINT `x_policy_cond_def_FK_upd_by` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) +primary key (`id`) , +CONSTRAINT `x_policy_condition_def_FK_defid` FOREIGN KEY (`def_id`) REFERENCES `x_service_def` (`id`), +CONSTRAINT `x_policy_condition_def_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), +CONSTRAINT `x_policy_condition_def_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) +); + +DROP TABLE IF EXISTS `x_context_enricher_def`; +CREATE TABLE `x_context_enricher_def` ( +`id` bigint(20) NOT NULL AUTO_INCREMENT , +`guid` varchar(1024) DEFAULT NULL, +`create_time` datetime DEFAULT NULL, +`update_time` datetime DEFAULT NULL, 
+`added_by_id` bigint(20) DEFAULT NULL, +`upd_by_id` bigint(20) DEFAULT NULL, +`def_id` bigint(20) NOT NULL, +`name` varchar(1024) DEFAULT NULL, +`enricher` varchar(1024) DEFAULT NULL, +`enricher_options` varchar(1024) DEFAULT NULL, +`sort_order` tinyint(3) DEFAULT '0', +primary key (`id`) , +CONSTRAINT `x_context_enricher_def_FK_defid` FOREIGN KEY (`def_id`) REFERENCES `x_service_def` (`id`), +CONSTRAINT `x_context_enricher_def_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), +CONSTRAINT `x_context_enricher_def_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) ); DROP TABLE IF EXISTS `x_enum_def`; CREATE TABLE `x_enum_def` ( -`id` bigint(20) NOT NULL AUTO_INCREMENT, +`id` bigint(20) NOT NULL AUTO_INCREMENT , `guid` varchar(1024) DEFAULT NULL, `create_time` datetime DEFAULT NULL, `update_time` datetime DEFAULT NULL, `added_by_id` bigint(20) DEFAULT NULL, `upd_by_id` bigint(20) DEFAULT NULL, `def_id` bigint(20) NOT NULL, -`name` varchar(1024) DEFAULT NULL, -`default_index` bigint(20) DEFAULT NULL, -primary key (`id`), +`name` varchar(1024) DEFAULT NULL, +`default_index` bigint(20) DEFAULT NULL, +primary key (`id`), CONSTRAINT `x_enum_def_FK_defid` FOREIGN KEY (`def_id`) REFERENCES `x_service_def` (`id`), -CONSTRAINT `x_enum_def_FK_added_by` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), -CONSTRAINT `x_enum_def_FK_upd_by` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) +CONSTRAINT `x_enum_def_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), +CONSTRAINT `x_enum_def_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) ); DROP TABLE IF EXISTS `x_enum_element_def`; CREATE TABLE `x_enum_element_def` ( -`id` bigint(20) NOT NULL AUTO_INCREMENT, +`id` bigint(20) NOT NULL AUTO_INCREMENT , `guid` varchar(1024) DEFAULT NULL, `create_time` datetime DEFAULT NULL, `update_time` datetime DEFAULT NULL, `added_by_id` bigint(20) DEFAULT NULL, `upd_by_id` 
bigint(20) DEFAULT NULL, -`enum_def_id` bigint(20) NOT NULL, -`name` varchar(1024) DEFAULT NULL, -`label` varchar(1024) DEFAULT NULL, -`rb_key_label` varchar(1024) DEFAULT NULL, -`sort_order` tinyint(3) DEFAULT '0', -primary key (`id`), +`enum_def_id` bigint(20) NOT NULL, +`name` varchar(1024) DEFAULT NULL, +`label` varchar(1024) DEFAULT NULL, +`rb_key_label` varchar(1024) DEFAULT NULL, +`sort_order` tinyint(3) DEFAULT '0', +primary key (`id`), CONSTRAINT `x_enum_element_def_FK_defid` FOREIGN KEY (`enum_def_id`) REFERENCES `x_enum_def` (`id`), -CONSTRAINT `x_enum_element_def_FK_added_by` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), -CONSTRAINT `x_enum_element_def_FK_upd_by` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) +CONSTRAINT `x_enum_element_def_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), +CONSTRAINT `x_enum_element_def_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) ); DROP TABLE IF EXISTS `x_service_config_map`; CREATE TABLE `x_service_config_map` ( -`id` bigint(20) NOT NULL AUTO_INCREMENT, +`id` bigint(20) NOT NULL AUTO_INCREMENT , `guid` varchar(1024) DEFAULT NULL, `create_time` datetime DEFAULT NULL, `update_time` datetime DEFAULT NULL, `added_by_id` bigint(20) DEFAULT NULL, `upd_by_id` bigint(20) DEFAULT NULL, `service` bigint(20) NOT NULL, -`config_key` varchar(1024) DEFAULT NULL, -`config_value` varchar(1024) DEFAULT NULL, -primary key (`id`), -CONSTRAINT `x_service_conf_map_FK_service` FOREIGN KEY (`service`) REFERENCES `x_service` (`id`), -CONSTRAINT `x_service_conf_map_FK_added_by` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), -CONSTRAINT `x_service_conf_map_FK_upd_by` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) +`config_key` varchar(1024) DEFAULT NULL, +`config_value` varchar(1024) DEFAULT NULL, +primary key (`id`), +CONSTRAINT `x_service_config_map_FK_` FOREIGN KEY (`service`) REFERENCES `x_service` (`id`), +CONSTRAINT 
`x_service_config_map_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`), +CONSTRAINT `x_service_config_map_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`) ); DROP TABLE IF EXISTS `x_policy_resource`; CREATE TABLE `x_policy_resource` ( -`id` bigint(20) NOT NULL AUTO_INCREMENT, +`id` bigint(20) NOT NULL AUTO_INCREMENT , `guid` varchar(1024) DEFAULT NULL, `create_time` datetime DEFAULT NULL, `update_time` datetime DEFAULT NULL, 
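Review bot: The renamed foreign key on `x_service_config_map` is truncated: ``CONSTRAINT `x_service_config_map_FK_` FOREIGN KEY (`service`) REFERENCES `x_service` (`id`)`` drops the column suffix that every other rename in this hunk carries, and should read ``CONSTRAINT `x_service_config_map_FK_service` FOREIGN KEY (`service`) REFERENCES `x_service` (`id`),``. In the new `x_context_enricher_def` table, `name` and `enricher` are nullable and there is no uniqueness on (`def_id`, `name`), so two enrichers with the same name can be attached to one service-def and an enricher row with no class name is accepted; `x_policy_condition_def` has the same shape, so this may be deliberate, but ``NOT NULL`` on `enricher` and a ``UNIQUE KEY (`def_id`, `name`)`` would reject a malformed definition at the store instead of leaving the plugin to discover it at load time. The rest of this hunk is whitespace and constraint renaming.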
@@ -277,36 +299,36 @@ CREATE TABLE `x_policy_resource` (
 `res_def_id` bigint(20) NOT NULL,
 `is_excludes` tinyint(1) NOT NULL DEFAULT '0',
 `is_recursive` tinyint(1) NOT NULL DEFAULT '0',
-primary key (`id`),
-CONSTRAINT `x_policy_res_FK_policy_id` FOREIGN KEY (`policy_id`) REFERENCES `x_policy` (`id`),
-CONSTRAINT `x_policy_res_FK_res_def_id` FOREIGN KEY (`res_def_id`) REFERENCES `x_resource_def` (`id`),
-CONSTRAINT `x_policy_res_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`),
-CONSTRAINT `x_policy_res_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`)
+primary key (`id`),
+CONSTRAINT `x_policy_resource_FK_policy_id` FOREIGN KEY (`policy_id`) REFERENCES `x_policy` (`id`),
+CONSTRAINT `x_policy_resource_FK_res_def_id` FOREIGN KEY (`res_def_id`) REFERENCES `x_resource_def` (`id`),
+CONSTRAINT `x_policy_resource_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`),
+CONSTRAINT `x_policy_resource_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`)
 );
 DROP TABLE IF EXISTS `x_policy_resource_map`;
 CREATE TABLE `x_policy_resource_map` (
-`id` bigint(20) NOT NULL AUTO_INCREMENT,
+`id` bigint(20) NOT NULL AUTO_INCREMENT ,
 `guid` varchar(1024) DEFAULT NULL,
 `create_time` datetime DEFAULT NULL,
 `update_time` datetime DEFAULT NULL,
 `added_by_id` bigint(20) DEFAULT NULL,
 `upd_by_id` bigint(20) DEFAULT NULL,
-`resource_id` bigint(20) NOT NULL,
-`value` varchar(1024) DEFAULT NULL,
+`resource_id` bigint(20) NOT NULL,
+`value` varchar(1024) DEFAULT NULL,
 `sort_order` tinyint(3) DEFAULT '0',
-primary key (`id`),
-CONSTRAINT `x_policy_res_map_FK_res_id` FOREIGN KEY (`resource_id`) REFERENCES `x_policy_resource` (`id`),
-CONSTRAINT `x_policy_res_map_FK_added_by` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`),
-CONSTRAINT `x_policy_res_map_FK_upd_by` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`)
+primary key (`id`),
+CONSTRAINT 
`x_policy_resource_map_FK_resource_id` FOREIGN KEY (`resource_id`) REFERENCES `x_policy_resource` (`id`),
+CONSTRAINT `x_policy_resource_map_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`),
+CONSTRAINT `x_policy_resource_map_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`)
 );
 DROP TABLE IF EXISTS `x_policy_item`;
 CREATE TABLE `x_policy_item` (
-`id` bigint(20) NOT NULL AUTO_INCREMENT,
+`id` bigint(20) NOT NULL AUTO_INCREMENT ,
 `guid` varchar(1024) DEFAULT NULL,
 `create_time` datetime DEFAULT NULL,
 `update_time` datetime DEFAULT NULL,
@@ -324,7 +346,7 @@ CONSTRAINT `x_policy_item_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_
 DROP TABLE IF EXISTS `x_policy_item_access`;
 CREATE TABLE `x_policy_item_access` (
-`id` bigint(20) NOT NULL AUTO_INCREMENT,
+`id` bigint(20) NOT NULL AUTO_INCREMENT ,
 `guid` varchar(1024) DEFAULT NULL,
 `create_time` datetime DEFAULT NULL,
 `update_time` datetime DEFAULT NULL,
@@ -332,18 +354,18 @@ CREATE TABLE `x_policy_item_access` (
 `upd_by_id` bigint(20) DEFAULT NULL,
 `policy_item_id` bigint(20) NOT NULL,
 `type` bigint(20) NOT NULL,
-`is_allowed` tinyint(3) NOT NULL DEFAULT '0',
+`is_allowed` tinyint(11) NOT NULL DEFAULT '0',
 `sort_order` tinyint(3) DEFAULT '0',
 primary key (id),
-CONSTRAINT `x_plc_item_access_FK_pi_id` FOREIGN KEY (`policy_item_id`) REFERENCES `x_policy_item` (`id`),
-CONSTRAINT `x_plc_item_access_FK_atd_id` FOREIGN KEY (`type`) REFERENCES `x_access_type_def` (`id`),
-CONSTRAINT `x_plc_item_access_FK_added_by` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`),
-CONSTRAINT `x_plc_item_access_FK_upd_by` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`)
+CONSTRAINT `x_policy_item_access_FK_pi_id` FOREIGN KEY (`policy_item_id`) REFERENCES `x_policy_item` (`id`) ,
+CONSTRAINT `x_policy_item_access_FK_atd_id` FOREIGN KEY (`type`) REFERENCES `x_access_type_def` (`id`),
+CONSTRAINT `x_policy_item_access_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`),
+CONSTRAINT `x_policy_item_access_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`)
 );
 DROP TABLE IF EXISTS `x_policy_item_condition`;
 CREATE TABLE `x_policy_item_condition` (
-`id` bigint(20) NOT NULL AUTO_INCREMENT,
+`id` bigint(20) NOT NULL AUTO_INCREMENT ,
 `guid` varchar(1024) DEFAULT NULL,
 `create_time` datetime DEFAULT NULL,
 `update_time` datetime DEFAULT NULL,
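Review bot: The `is_allowed` change from `tinyint(3)` to `tinyint(11)` does not change what the column can store; in MySQL the parenthesised value on an integer type is only a display width, so `tinyint` stays one byte with range -128..127 either way. If a wider range was intended the type itself has to change (e.g. `int`), and if `is_allowed` is a boolean flag, `` `is_allowed` tinyint(1) NOT NULL DEFAULT '0', `` matches how `is_excludes` and `is_recursive` are declared in the `x_policy_resource` hunk of this same patch. As written the change is a no-op that will puzzle the next reader of the schema.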
@@ -354,15 +376,15 @@ CREATE TABLE `x_policy_item_condition` (
 `value` varchar(1024) DEFAULT NULL,
 `sort_order` tinyint(3) DEFAULT '0',
 primary key (id),
-CONSTRAINT `x_plc_item_cond_FK_pi_id` FOREIGN KEY (`policy_item_id`) REFERENCES `x_policy_item` (`id`),
-CONSTRAINT `x_plc_item_cond_FK_pcd_id` FOREIGN KEY (`type`) REFERENCES `x_policy_condition_def` (`id`),
-CONSTRAINT `x_plc_item_cond_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`),
-CONSTRAINT `x_plc_item_cond_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`)
+CONSTRAINT `x_policy_item_condition_FK_pi_id` FOREIGN KEY (`policy_item_id`) REFERENCES `x_policy_item` (`id`) ,
+CONSTRAINT `x_policy_item_condition_FK_pcd_id` FOREIGN KEY (`type`) REFERENCES `x_policy_condition_def` (`id`),
+CONSTRAINT `x_policy_item_condition_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`),
+CONSTRAINT `x_policy_item_condition_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`)
 );
 DROP TABLE IF EXISTS `x_policy_item_user_perm`;
 CREATE TABLE `x_policy_item_user_perm` (
-`id` bigint(20) NOT NULL AUTO_INCREMENT,
+`id` bigint(20) NOT NULL AUTO_INCREMENT ,
 `guid` varchar(1024) DEFAULT NULL,
 `create_time` datetime DEFAULT NULL,
 `update_time` datetime DEFAULT NULL,
@@ -372,16 +394,16 @@ CREATE TABLE `x_policy_item_user_perm` (
 `user_id` bigint(20) NULL DEFAULT NULL,
 `sort_order` tinyint(3) DEFAULT '0',
 primary key (`id`),
-CONSTRAINT `x_plc_itm_usr_perm_FK_pi_id` FOREIGN KEY (`policy_item_id`) REFERENCES `x_policy_item` (`id`),
-CONSTRAINT `x_plc_itm_usr_perm_FK_user_id` FOREIGN KEY (`user_id`) REFERENCES `x_user` (`id`),
-CONSTRAINT `x_plc_itm_usr_perm_FK_added_by` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`),
-CONSTRAINT `x_plc_itm_usr_perm_FK_upd_by` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`)
+CONSTRAINT `x_policy_item_user_perm_FK_pi_id` FOREIGN KEY (`policy_item_id`) REFERENCES `x_policy_item` (`id`) ,
+CONSTRAINT `x_policy_item_user_perm_FK_user_id` FOREIGN KEY (`user_id`) REFERENCES `x_user` (`id`),
+CONSTRAINT `x_policy_item_user_perm_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`),
+CONSTRAINT `x_policy_item_user_perm_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`)
 );
 DROP TABLE IF EXISTS `x_policy_item_group_perm`;
 CREATE TABLE `x_policy_item_group_perm` (
-`id` bigint(20) NOT NULL AUTO_INCREMENT,
+`id` bigint(20) NOT NULL AUTO_INCREMENT ,
 `guid` varchar(1024) DEFAULT NULL,
 `create_time` datetime DEFAULT NULL,
 `update_time` datetime DEFAULT NULL,
@@ -391,15 +413,15 @@ CREATE TABLE `x_policy_item_group_perm` (
 `group_id` bigint(20) NULL DEFAULT NULL,
 `sort_order` tinyint(3) DEFAULT '0',
 primary key (`id`),
-CONSTRAINT `x_plc_itm_grp_perm_FK_pi_id` FOREIGN KEY (`policy_item_id`) REFERENCES `x_policy_item` (`id`),
-CONSTRAINT `x_plc_itm_grp_perm_FK_group_id` FOREIGN KEY (`group_id`) REFERENCES `x_group` (`id`),
-CONSTRAINT `x_plc_itm_grp_perm_FK_added_by` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`),
-CONSTRAINT `x_plc_itm_grp_perm_FK_upd_by` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`)
+CONSTRAINT `x_policy_item_group_perm_FK_pi_id` FOREIGN KEY (`policy_item_id`) REFERENCES `x_policy_item` (`id`) ,
+CONSTRAINT `x_policy_item_group_perm_FK_group_id` FOREIGN KEY (`group_id`) REFERENCES `x_group` (`id`),
+CONSTRAINT `x_policy_item_group_perm_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`),
+CONSTRAINT `x_policy_item_group_perm_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`)
 );
 DROP TABLE IF EXISTS `x_data_hist`;
 CREATE TABLE `x_data_hist` (
-`id` bigint(20) NOT NULL AUTO_INCREMENT,
+`id` bigint(20) NOT NULL AUTO_INCREMENT ,
 `create_time` datetime DEFAULT NULL,
 `update_time` datetime DEFAULT NULL,
 `obj_guid` varchar(1024) not null,
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 0dcdc41..ca9790e 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -26,6 +26,7 @@ import org.apache.ranger.common.UserSessionBase;
 import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.db.XXAccessTypeDefDao;
 import org.apache.ranger.db.XXAccessTypeDefGrantsDao;
+import org.apache.ranger.db.XXContextEnricherDefDao;
 import org.apache.ranger.db.XXEnumDefDao;
 import org.apache.ranger.db.XXEnumElementDefDao;
 import org.apache.ranger.db.XXPolicyConditionDefDao;
@@ -41,6 +42,7 @@ import org.apache.ranger.db.XXServiceConfigDefDao;
 import org.apache.ranger.db.XXServiceConfigMapDao;
 import org.apache.ranger.entity.XXAccessTypeDef;
 import org.apache.ranger.entity.XXAccessTypeDefGrants;
+import org.apache.ranger.entity.XXContextEnricherDef;
 import org.apache.ranger.entity.XXDBBase;
 import org.apache.ranger.entity.XXEnumDef;
 import org.apache.ranger.entity.XXEnumElementDef;
@@ -69,12 +71,13 @@ import org.apache.ranger.plugin.model.RangerService;
 import org.apache.ranger.plugin.model.RangerServiceDef;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
 import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef;
 import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef;
 import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef;
 import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
 import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
 import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef;
-import org.apache.ranger.plugin.store.LegacyServiceDefsUtil;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
 import org.apache.ranger.plugin.store.ServiceStore;
 import org.apache.ranger.plugin.util.ServicePolicies;
 import org.apache.ranger.service.RangerAuditFields;
@@ -161,7 +164,7 @@ public class ServiceDBStore implements ServiceStore {
 txTemplate.execute(new TransactionCallback<Object>() {
 @Override
 public Object doInTransaction(TransactionStatus status) {
- LegacyServiceDefsUtil.instance().init(dbStore);
+ EmbeddedServiceDefsUtil.instance().init(dbStore);
 return null;
 }
@@ -195,6 +198,7 @@ public class ServiceDBStore implements ServiceStore {
 List<RangerResourceDef> resources = serviceDef.getResources();
 List<RangerAccessTypeDef> accessTypes = serviceDef.getAccessTypes();
 List<RangerPolicyConditionDef> policyConditions = serviceDef.getPolicyConditions();
+ List<RangerContextEnricherDef> contextEnrichers = serviceDef.getContextEnrichers();
 List<RangerEnumDef> enums = serviceDef.getEnums();
 // following fields will be auto populated
@@ -249,6 +253,15 @@ public class ServiceDBStore implements ServiceStore {
 xPolicyCondition = xxPolCondDao.create(xPolicyCondition);
 }
+ XXContextEnricherDefDao xxContextEnricherDao = daoMgr.getXXContextEnricherDef();
+ for (RangerContextEnricherDef contextEnricher : contextEnrichers) {
+ XXContextEnricherDef xContextEnricher = new XXContextEnricherDef();
+ xContextEnricher = serviceDefService
+ .populateRangerContextEnricherDefToXX(contextEnricher,
+ xContextEnricher, createdSvcDef);
+ xContextEnricher = xxContextEnricherDao.create(xContextEnricher);
+ }
+
 XXEnumDefDao xxEnumDefDao = daoMgr.getXXEnumDef();
 for(RangerEnumDef vEnum : enums) {
 XXEnumDef xEnum = new XXEnumDef();
@@ -297,7 +310,7 @@ public class ServiceDBStore implements ServiceStore {
 LOG.debug("==> ServiceDefDBStore.deleteServiceDef(" + servceId + ")");
 }
- // TODO: updateServiceDef()
+ // TODO: deleteServiceDef()
 if (LOG.isDebugEnabled()) {
 LOG.debug("<== ServiceDefDBStore.deleteServiceDef(" + servceId + ")");
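Review bot: In the new context-enricher loop (hunk @@ -249) the fresh `XXContextEnricherDef` is immediately replaced by the return value of `populateRangerContextEnricherDefToXX(...)`, and the last assignment `xContextEnricher = xxContextEnricherDao.create(xContextEnricher);` is never read, so two of the three assignments are noise; `xxContextEnricherDao.create(serviceDefService.populateRangerContextEnricherDefToXX(contextEnricher, new XXContextEnricherDef(), createdSvcDef));` says the same thing in one statement. Separately, `contextEnrichers` is taken straight from `serviceDef.getContextEnrichers()` (hunk @@ -195) and iterated without a null check, so if a service-def loaded from older JSON leaves that list null, createServiceDef fails with a NullPointerException at the for-each; this depends on what RangerServiceDef's getter guarantees, which is not visible here, and the sibling `policyConditions`/`enums` loops have the same exposure, so a non-null guarantee in the getters would be the cleaner fix. The enclosing createServiceDef method starts and ends outside the hunk.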
@@ -573,6 +586,12 @@ public class ServiceDBStore implements ServiceStore {
 if(service == null) {
 throw new Exception("service does not exist - name=" + policy.getService());
 }
+
+ XXServiceDef xServiceDef = daoMgr.getXXServiceDef().findByName(service.getType());
+
+ if(xServiceDef == null) {
+ throw new Exception("service-def does not exist - name=" + service.getType());
+ }
 XXPolicy existing = daoMgr.getXXPolicy().findByName(policy.getName());
@@ -587,7 +606,7 @@ public class ServiceDBStore implements ServiceStore {
 XXPolicy xCreatedPolicy = daoMgr.getXXPolicy().getById(policy.getId());
 createNewResourcesForPolicy(policy, xCreatedPolicy, resources);
- createNewPolicyItemsForPolicy(policy, xCreatedPolicy, policyItems);
+ createNewPolicyItemsForPolicy(policy, xCreatedPolicy, policyItems, xServiceDef);
 RangerPolicy createdPolicy = policyService.getPopulatedViewObject(xCreatedPolicy);
 dataHistService.createObjectDataHistory(createdPolicy, RangerDataHistService.ACTION_CREATE);
@@ -618,6 +637,13 @@ public class ServiceDBStore implements ServiceStore {
 if(service == null) {
 throw new Exception("service does not exist - name=" + policy.getService());
 }
+
+ XXServiceDef xServiceDef = daoMgr.getXXServiceDef().findByName(service.getType());
+
+ if(xServiceDef == null) {
+ throw new Exception("service-def does not exist - name=" + service.getType());
+ }
+
 if(! StringUtils.equalsIgnoreCase(existing.getService(), policy.getService())) {
 throw new Exception("policy id=" + policy.getId() + " already exists in service " + existing.getService() + ". It can not be moved to service " + policy.getService());
 }
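Review bot: The service-def lookup added in hunk @@ -573 (`findByName(service.getType())` plus the null check that throws `"service-def does not exist - name="`) is repeated verbatim in hunk @@ -618, and in the visible hunks its only consumer is the extra `xServiceDef` argument to `createNewPolicyItemsForPolicy`. A small private helper that takes `service`, performs the `findByName`, and throws on null would keep the two call sites from drifting apart; a pattern like `XXServiceDef xServiceDef = getServiceDefOrThrow(service);` at both sites is enough. Throwing bare `Exception` matches the surrounding `"service does not exist"` check, so it is consistent with the file, but a missing service-def for an existing service is a data-integrity problem rather than a bad request, and a distinct exception type would let the REST layer report it differently. Both enclosing methods start and end outside the hunks.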
@@ -640,7 +666,7 @@ public class ServiceDBStore implements ServiceStore {
 deleteExistingPolicyItems(policy);
 createNewResourcesForPolicy(policy, newUpdPolicy, newResources);
- createNewPolicyItemsForPolicy(policy, newUpdPolicy, newPolicyItems);
+ createNewPolicyItemsForPolicy(policy, newUpdPolicy, newPolicyItems, xServiceDef);
 handlePolicyUpdate(service);
 RangerPolicy updPolicy = policyService.getPopulatedViewObject(newUpdPolicy);
@@ -905,7 +931,7 @@ public class ServiceDBStore implements ServiceStore {
 service = updateService(service);
 }
- private void createNewPolicyItemsForPolicy(RangerPolicy policy, XXPolicy xPolicy, List<RangerPolicyItem> policyItems) {
+ private void createNewPolicyItemsForPolicy(RangerPolicy policy, XXPolicy xPolicy, List<RangerPolicyItem> policyItems, XXServiceDef xServiceDef) {
 for (RangerPolicyItem policyItem : policyItems) {
 XXPolicyItem xPolicyItem = new XXPolicyItem();
@@ -969,8 +995,8 @@ public class ServiceDBStore implements ServiceStore {
 List<RangerPolicyItemCondition> conditions = policyItem.getConditions();
 for(RangerPolicyItemCondition condition : conditions) {
 XXPolicyConditionDef xPolCond = daoMgr
- .getXXPolicyConditionDef().findByPolicyItemIdAndName(
- xPolicyItem.getId(), condition.getType());
+ .getXXPolicyConditionDef().findByServiceDefIdAndName(
+ xServiceDef.getId(), condition.getType());
 if(xPolCond == null) {
 LOG.info("PolicyCondition is not valid, condition: "
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
index 1e8b8af..bfe0a43 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
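Review bot: In hunk @@ -969 the condition lookup is now keyed on `xServiceDef.getId()` and `condition.getType()`, and when the type is not defined for that service-def the only visible reaction is `LOG.info("PolicyCondition is not valid, condition: "` — as far as the hunk shows, the policy item is then persisted without that condition. Conditions narrow when a policy item applies, so silently dropping one stores a policy broader than the one the caller submitted; rejecting the policy, as the `"service-def does not exist"` checks in this same commit do, or at minimum logging at WARN with the service-def name, would make the divergence visible. The rest of the `if(xPolCond == null)` branch and the enclosing createNewPolicyItemsForPolicy body continue outside the hunk, so the "persisted without the condition" part is inferred.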
@@ -34,7 +34,7 @@ import org.apache.ranger.plugin.model.RangerBaseModelObject;
 import org.apache.ranger.plugin.model.RangerPolicy;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
 import org.apache.ranger.plugin.model.RangerService;
-import org.apache.ranger.plugin.store.LegacyServiceDefsUtil;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
 import org.apache.ranger.view.VXAsset;
 import org.apache.ranger.view.VXAuditMap;
 import org.apache.ranger.view.VXDataObject;
@@ -56,11 +56,11 @@ public class ServiceUtil {
 RangerDaoManager xaDaoMgr;
 static {
- mapServiceTypeToAssetType.put(LegacyServiceDefsUtil.LEGACY_SERVICEDEF_HDFS_NAME, new Integer(RangerCommonEnums.ASSET_HDFS));
- mapServiceTypeToAssetType.put(LegacyServiceDefsUtil.LEGACY_SERVICEDEF_HBASE_NAME, new Integer(RangerCommonEnums.ASSET_HBASE));
- mapServiceTypeToAssetType.put(LegacyServiceDefsUtil.LEGACY_SERVICEDEF_HIVE_NAME, new Integer(RangerCommonEnums.ASSET_HIVE));
- mapServiceTypeToAssetType.put(LegacyServiceDefsUtil.LEGACY_SERVICEDEF_KNOX_NAME, new Integer(RangerCommonEnums.ASSET_KNOX));
- mapServiceTypeToAssetType.put(LegacyServiceDefsUtil.LEGACY_SERVICEDEF_STORM_NAME, new Integer(RangerCommonEnums.ASSET_STORM));
+ mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_HDFS_NAME, new Integer(RangerCommonEnums.ASSET_HDFS));
+ mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_HBASE_NAME, new Integer(RangerCommonEnums.ASSET_HBASE));
+ mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_HIVE_NAME, new Integer(RangerCommonEnums.ASSET_HIVE));
+ mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_KNOX_NAME, new Integer(RangerCommonEnums.ASSET_KNOX));
+ mapServiceTypeToAssetType.put(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_STORM_NAME, new Integer(RangerCommonEnums.ASSET_STORM));
 mapAccessTypeToPermType.put("Unknown", 0);
 mapAccessTypeToPermType.put("Reset", 1);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
index 6325881..b1482b6 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
@@ -360,6 +360,10 @@ public abstract class RangerDaoManagerBase {
 return new XXPolicyConditionDefDao(this);
 }
+ public XXContextEnricherDefDao getXXContextEnricherDef() {
+ return new XXContextEnricherDefDao(this);
+ }
+
 public XXEnumDefDao getXXEnumDef() {
 return new XXEnumDefDao(this);
 }
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/security-admin/src/main/java/org/apache/ranger/db/XXContextEnricherDefDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXContextEnricherDefDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXContextEnricherDefDao.java
new file mode 100644
index 0000000..680d66f
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXContextEnricherDefDao.java
@@ -0,0 +1,45 @@
+package org.apache.ranger.db;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.persistence.NoResultException;
+
+import org.apache.ranger.common.db.BaseDao;
+import org.apache.ranger.entity.XXContextEnricherDef;
+
+public class XXContextEnricherDefDao extends BaseDao<XXContextEnricherDef> {
+
+ public XXContextEnricherDefDao(RangerDaoManagerBase daoManager) {
+ super(daoManager);
+ }
+
+ public List<XXContextEnricherDef> findByServiceDefId(Long serviceDefId) {
+ if (serviceDefId == null) {
+ return new ArrayList<XXContextEnricherDef>();
+ }
+ try {
+ List<XXContextEnricherDef> retList = getEntityManager()
+ .createNamedQuery("XXContextEnricherDef.findByServiceDefId", tClass)
+ .setParameter("serviceDefId", serviceDefId).getResultList();
+ return retList;
+ } catch (NoResultException e) {
+ return new ArrayList<XXContextEnricherDef>();
+ }
+ }
+
+ public XXContextEnricherDef findByServiceDefIdAndName(Long serviceDefId, String name) {
+ if (serviceDefId == null) {
+ return null;
+ }
+ try {
+ XXContextEnricherDef retList = getEntityManager()
+ .createNamedQuery("XXContextEnricherDef.findByServiceDefIdAndName", tClass)
+ .setParameter("serviceDefId", serviceDefId)
+ .setParameter("name", name).getSingleResult();
+ return retList;
+ } catch (NoResultException e) {
+ return null;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/8df90d46/security-admin/src/main/java/org/apache/ranger/db/XXPolicyConditionDefDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyConditionDefDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyConditionDefDao.java
index ac69697..a0a172e 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyConditionDefDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyConditionDefDao.java
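Review bot: `findByServiceDefIdAndName` catches only `NoResultException` around `getSingleResult()`, so if two rows ever share the same service-def id and name the query raises `javax.persistence.NonUniqueResultException` and the caller gets an exception instead of a value; unless the schema enforces uniqueness on that pair, catch it as well, e.g. `} catch (NoResultException | NonUniqueResultException e) {`, or switch to `getResultList()` and return the first element. In `findByServiceDefId` the `catch (NoResultException e)` is dead code, because `getResultList()` returns an empty list rather than throwing, so that try/catch can be dropped. The single-result method names its local `retList` although it holds one entity, and the file opens directly at `package` with no license header — worth checking against the project's convention for new sources. The same `getSingleResult()` pattern with the same single catch is added to `XXPolicyConditionDefDao.findByServiceDefIdAndName` in the next hunk.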
@@ -28,6 +28,21 @@ public class XXPolicyConditionDefDao extends BaseDao<XXPolicyConditionDef> {
 }
 }
+ public XXPolicyConditionDef findByServiceDefIdAndName(Long serviceDefId, String name) {
+ if (serviceDefId == null) {
+ return null;
+ }
+ try {
+ XXPolicyConditionDef retList = getEntityManager()
+ .createNamedQuery("XXPolicyConditionDef.findByServiceDefIdAndName", tClass)
+ .setParameter("serviceDefId", serviceDefId)
+ .setParameter("name", name).getSingleResult();
+ return retList;
+ } catch (NoResultException e) {
+ return null;
+ }
+ }
+
 public List<XXPolicyConditionDef> findByPolicyItemId(Long polItemId) {
 if(polItemId == null) {
 return new ArrayList<XXPolicyConditionDef>();
