Repository: incubator-ranger Updated Branches: refs/heads/master a93ac46d6 -> fabc9e205
RANGER-391: ServiceDBStore to preserve the order of resources/users/groups Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/fabc9e20 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/fabc9e20 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/fabc9e20 Branch: refs/heads/master Commit: fabc9e2059f748585799d85eecf012c2fdc22145 Parents: a93ac46 Author: Madhan Neethiraj <[email protected]> Authored: Sat Apr 11 22:37:05 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Sat Apr 11 22:37:05 2015 -0700 ---------------------------------------------------------------------- .../org/apache/ranger/biz/ServiceDBStore.java | 57 ++++++++++--- .../org/apache/ranger/common/ServiceUtil.java | 86 +++++++++++++++++++- .../resources/META-INF/jpa_named_queries.xml | 44 +++++----- 3 files changed, 151 insertions(+), 36 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fabc9e20/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index fd9c95b..7da3d8b 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
@@ -248,30 +248,39 @@ public class ServiceDBStore extends AbstractServiceStore { XXServiceDef createdSvcDef = daoMgr.getXXServiceDef().getById(serviceDefId); XXServiceConfigDefDao xxServiceConfigDao = daoMgr.getXXServiceConfigDef(); - for(RangerServiceConfigDef config : configs) { + for(int i = 0; i < configs.size(); i++) { + RangerServiceConfigDef config = configs.get(i); + XXServiceConfigDef xConfig = new XXServiceConfigDef(); xConfig = serviceDefService.populateRangerServiceConfigDefToXX(config, xConfig, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT); + xConfig.setOrder(i); xConfig = xxServiceConfigDao.create(xConfig); } XXResourceDefDao xxResDefDao = daoMgr.getXXResourceDef(); - for(RangerResourceDef resource : resources) { + for(int i = 0; i < resources.size(); i++) { + RangerResourceDef resource = resources.get(i); + XXResourceDef parent = xxResDefDao.findByNameAndServiceDefId(resource.getParent(), serviceDefId); Long parentId = (parent != null) ? parent.getId() : null; XXResourceDef xResource = new XXResourceDef(); xResource = serviceDefService.populateRangerResourceDefToXX(resource, xResource, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT); + xResource.setOrder(i); xResource.setParent(parentId); xResource = xxResDefDao.create(xResource); } XXAccessTypeDefDao xxATDDao = daoMgr.getXXAccessTypeDef(); - for(RangerAccessTypeDef accessType : accessTypes) { + for(int i = 0; i < accessTypes.size(); i++) { + RangerAccessTypeDef accessType = accessTypes.get(i); + XXAccessTypeDef xAccessType = new XXAccessTypeDef(); xAccessType = serviceDefService.populateRangerAccessTypeDefToXX(accessType, xAccessType, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT); + xAccessType.setOrder(i); xAccessType = xxATDDao.create(xAccessType); Collection<String> impliedGrants = accessType.getImpliedGrants(); 
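Review bot: The index loops in this method (config, resource and access-type definitions here; condition, enricher and enum-element definitions in the next two hunks) store the list position through `setOrder(i)` with no comment saying what the value means, and the call sits between the populate call and `create`, where a later refactor can drop it unnoticed. A one-line comment at the first loop, `// order records the element's position in the incoming list`, would document the contract once. `configs.get(i)` is also linear per call on a list that is not RandomAccess; if a caller can pass a `LinkedList`, a for-each with a separate counter keeps the original iteration cost. The enclosing method starts and ends outside the hunk.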
@@ -285,20 +294,26 @@ public class ServiceDBStore extends AbstractServiceStore { } XXPolicyConditionDefDao xxPolCondDao = daoMgr.getXXPolicyConditionDef(); - for (RangerPolicyConditionDef policyCondition : policyConditions) { + for (int i = 0; i < policyConditions.size(); i++) { + RangerPolicyConditionDef policyCondition = policyConditions.get(i); + XXPolicyConditionDef xPolicyCondition = new XXPolicyConditionDef(); xPolicyCondition = serviceDefService .populateRangerPolicyConditionDefToXX(policyCondition, xPolicyCondition, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT); + xPolicyCondition.setOrder(i); xPolicyCondition = xxPolCondDao.create(xPolicyCondition); } XXContextEnricherDefDao xxContextEnricherDao = daoMgr.getXXContextEnricherDef(); - for (RangerContextEnricherDef contextEnricher : contextEnrichers) { + for (int i = 0; i < contextEnrichers.size(); i++) { + RangerContextEnricherDef contextEnricher = contextEnrichers.get(i); + XXContextEnricherDef xContextEnricher = new XXContextEnricherDef(); xContextEnricher = serviceDefService .populateRangerContextEnricherDefToXX(contextEnricher, xContextEnricher, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT); + xContextEnricher.setOrder(i); xContextEnricher = xxContextEnricherDao.create(xContextEnricher); } @@ -310,9 +325,12 @@ public class ServiceDBStore extends AbstractServiceStore { List<RangerEnumElementDef> elements = vEnum.getElements(); XXEnumElementDefDao xxEnumEleDefDao = daoMgr.getXXEnumElementDef(); - for(RangerEnumElementDef element : elements) { + for(int i = 0; i < elements.size(); i++) { + RangerEnumElementDef element = elements.get(i); + XXEnumElementDef xElement = new XXEnumElementDef(); xElement = serviceDefService.populateRangerEnumElementDefToXX(element, xElement, xEnum, RangerServiceDefService.OPERATION_CREATE_CONTEXT); + xElement.setOrder(i); xElement = xxEnumEleDefDao.create(xElement); } } 
@@ -1140,16 +1158,19 @@ public class ServiceDBStore extends AbstractServiceStore { private void createNewPolicyItemsForPolicy(RangerPolicy policy, XXPolicy xPolicy, List<RangerPolicyItem> policyItems, XXServiceDef xServiceDef) { - for (RangerPolicyItem policyItem : policyItems) { + for (int itemOrder = 0; itemOrder < policyItems.size(); itemOrder++) { + RangerPolicyItem policyItem = policyItems.get(itemOrder); XXPolicyItem xPolicyItem = new XXPolicyItem(); xPolicyItem = (XXPolicyItem) rangerAuditFields.populateAuditFields( xPolicyItem, xPolicy); xPolicyItem.setDelegateAdmin(policyItem.getDelegateAdmin()); xPolicyItem.setPolicyId(policy.getId()); + xPolicyItem.setOrder(itemOrder); xPolicyItem = daoMgr.getXXPolicyItem().create(xPolicyItem); List<RangerPolicyItemAccess> accesses = policyItem.getAccesses(); - for (RangerPolicyItemAccess access : accesses) { + for (int i = 0; i < accesses.size(); i++) { + RangerPolicyItemAccess access = accesses.get(i); XXAccessTypeDef xAccTypeDef = daoMgr.getXXAccessTypeDef() .findByNameAndServiceId(access.getType(), @@ -1166,11 +1187,14 @@ public class ServiceDBStore extends AbstractServiceStore { xPolItemAcc.setType(xAccTypeDef.getId()); xPolItemAcc.setPolicyitemid(xPolicyItem.getId()); + xPolItemAcc.setOrder(i); xPolItemAcc = daoMgr.getXXPolicyItemAccess() .create(xPolItemAcc); } List<String> users = policyItem.getUsers(); - for(String user : users) { + for(int i = 0; i < users.size(); i++) { + String user = users.get(i); + XXUser xUser = daoMgr.getXXUser().findByUserName(user); if(xUser == null) { LOG.info("User does not exists with username: " 
@@ -1181,11 +1205,14 @@ public class ServiceDBStore extends AbstractServiceStore { xUserPerm = (XXPolicyItemUserPerm) rangerAuditFields.populateAuditFields(xUserPerm, xPolicyItem); xUserPerm.setUserId(xUser.getId()); xUserPerm.setPolicyItemId(xPolicyItem.getId()); + xUserPerm.setOrder(i); xUserPerm = daoMgr.getXXPolicyItemUserPerm().create(xUserPerm); } List<String> groups = policyItem.getGroups(); - for(String group : groups) { + for(int i = 0; i < groups.size(); i++) { + String group = groups.get(i); + XXGroup xGrp = daoMgr.getXXGroup().findByGroupName(group); if(xGrp == null) { LOG.info("Group does not exists with groupName: " @@ -1196,6 +1223,7 @@ public class ServiceDBStore extends AbstractServiceStore { xGrpPerm = (XXPolicyItemGroupPerm) rangerAuditFields.populateAuditFields(xGrpPerm, xPolicyItem); xGrpPerm.setGroupId(xGrp.getId()); xGrpPerm.setPolicyItemId(xPolicyItem.getId()); + xGrpPerm.setOrder(i); xGrpPerm = daoMgr.getXXPolicyItemGroupPerm().create(xGrpPerm); } @@ -1212,12 +1240,14 @@ public class ServiceDBStore extends AbstractServiceStore { continue; } - for(String value : condition.getValues()) { + for(int i = 0; i < condition.getValues().size(); i++) { + String value = condition.getValues().get(i); XXPolicyItemCondition xPolItemCond = new XXPolicyItemCondition(); xPolItemCond = (XXPolicyItemCondition) rangerAuditFields.populateAuditFields(xPolItemCond, xPolicyItem); xPolItemCond.setPolicyItemId(xPolicyItem.getId()); xPolItemCond.setType(xPolCond.getId()); xPolItemCond.setValue(value); + xPolItemCond.setOrder(i); xPolItemCond = daoMgr.getXXPolicyItemCondition().create(xPolItemCond); } } 
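Review bot: In the condition-values loop (the last hunk on this line), `condition.getValues()` is called in the loop test and again in the body on every iteration, unlike the users and groups loops, which take the list into a local first. Hoisting it, `List<String> values = condition.getValues();` followed by `for(int i = 0; i < values.size(); i++)`, matches the sibling loops and gives one place to handle a null list if that getter can return one (not visible here). The index also restarts at 0 for each condition, so the stored order is only meaningful within one condition type. The enclosing loop over conditions starts outside the hunk.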
@@ -1247,11 +1277,12 @@ public class ServiceDBStore extends AbstractServiceStore { xPolRes = daoMgr.getXXPolicyResource().create(xPolRes); List<String> values = policyRes.getValues(); - for (String value : values) { + for(int i = 0; i < values.size(); i++) { XXPolicyResourceMap xPolResMap = new XXPolicyResourceMap(); xPolResMap = (XXPolicyResourceMap) rangerAuditFields.populateAuditFields(xPolResMap, xPolRes); xPolResMap.setResourceId(xPolRes.getId()); - xPolResMap.setValue(value); + xPolResMap.setValue(values.get(i)); + xPolResMap.setOrder(i); xPolResMap = daoMgr.getXXPolicyResourceMap().create(xPolResMap); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fabc9e20/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java index 19d320c..e13dea2 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java @@ -44,6 +44,7 @@ import org.apache.ranger.entity.XXUser; import org.apache.ranger.plugin.model.RangerBaseModelObject; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; import org.apache.ranger.plugin.util.GrantRevokeRequest; @@ -322,6 +323,7 @@ public class ServiceUtil { ret.setServices(resString); } } + updateResourceName(ret); List<VXPermMap> permMapList = getVXPermMapList(policy); 
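Review bot: The added import of `RangerPolicy.RangerPolicyResource` in ServiceUtil.java (the second hunk on this line) has no use in any hunk of this commit; the new `updateResourceName` works on `VXResource` only. If nothing elsewhere in the file refers to the type, drop the import so the file stays free of unused-import warnings.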
@@ -486,7 +488,89 @@ public class ServiceUtil { } return ret; } - + + private void updateResourceName(VXResource resource) { + if(resource == null) { + return; + } + + StringBuilder sb = new StringBuilder(); + + switch(resource.getAssetType()) { + case RangerCommonEnums.ASSET_HDFS: + sb.append(emptyIfNull(resource.getName())); + break; + + case RangerCommonEnums.ASSET_HBASE: + { + String tables = emptyIfNull(resource.getTables()); + String columnFamilies = emptyIfNull(resource.getColumnFamilies()); + String columns = emptyIfNull(resource.getColumns()); + + for(String column : columns.split(",")) { + for(String columnFamily : columnFamilies.split(",")) { + for(String table : tables.split(",")) { + if(sb.length() > 0) { + sb.append(","); + } + + sb.append("/").append(table).append("/").append(columnFamily).append("/").append(column); + } + } + } + } + break; + + case RangerCommonEnums.ASSET_HIVE: + { + String databases = emptyIfNull(resource.getDatabases()); + String tables = emptyIfNull(resource.getTables()); + String columns = emptyIfNull(resource.getColumns()); + + for(String column : columns.split(",")) { + for(String table : tables.split(",")) { + for(String database : databases.split(",")) { + if(sb.length() > 0) { + sb.append(","); + } + + sb.append("/").append(database).append(table).append("/").append("/").append(column); + } + } + } + } + break; + + case RangerCommonEnums.ASSET_KNOX: + { + String topologies = emptyIfNull(resource.getTopologies()); + String services = emptyIfNull(resource.getServices()); + + for(String service : services.split(",")) { + for(String topology : topologies.split(",")) { + if(sb.length() > 0) { + sb.append(","); + } + + sb.append("/").append(topology).append(service); + } + } + } + break; + + case RangerCommonEnums.ASSET_STORM: + sb.append(emptyIfNull(resource.getTopologies())); + break; + } + + if(sb.length() > 0) { + resource.setName(sb.toString()); + } + } + + private String emptyIfNull(String str) { + return str == null ? 
"" : str; + } private String getResourceString(List<String> values) { String ret = null; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fabc9e20/security-admin/src/main/resources/META-INF/jpa_named_queries.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml index dc46fa2..b16635f 100644 --- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml +++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml @@ -190,16 +190,16 @@ <!-- XXPolicyItem --> <named-query name="XXPolicyItem.findByPolicyId"> - <query>select obj from XXPolicyItem obj where obj.policyId = :policyId</query> + <query>select obj from XXPolicyItem obj where obj.policyId = :policyId order by obj.order</query> </named-query> <!-- XXPolicy --> <named-query name="XXPolicy.findByNameAndServiceId"> - <query>select obj from XXPolicy obj where obj.name = :polName and obj.service = :serviceId</query> + <query>select obj from XXPolicy obj where obj.name = :polName and obj.service = :serviceId order by obj.id</query> </named-query> <named-query name="XXPolicy.findByServiceId"> - <query>select obj from XXPolicy obj where obj.service = :serviceId</query> + <query>select obj from XXPolicy obj where obj.service = :serviceId order by obj.id</query> </named-query> <named-query name="XXPolicy.getMaxIdOfXXPolicy"> 
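Review bot: The Hive and Knox branches of `updateResourceName` put the separators in the wrong place: Hive appends `database` and `table` back to back and then two slashes, giving `/dbtable//column`, and Knox gives `/topologyservice`. Following the HBase branch, they should read `sb.append("/").append(database).append("/").append(table).append("/").append(column);` and `sb.append("/").append(topology).append("/").append(service);`. Separately, `"".split(",")` returns one empty string, so an HBase or Hive resource with an unset field gets a name such as `/t1//` or `///`, and that string replaces whatever name the resource held before. Since this string names the resource a policy applies to, a test with two databases and two tables would pin the expected format. `getResourceString` continues past the end of the hunk.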
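Review bot: `order by obj.order` in `XXPolicyItem.findByPolicyId` has no tie-breaker, so rows that share an order value come back in an unspecified relative order; that presumably includes every row written before this commit, which would hold whatever default the column has. Adding the primary key as a second sort key, `order by obj.order, obj.id`, keeps the result deterministic and approximates insertion order for older rows. The same applies to the other `order by obj.order` queries in the later hunks of this file.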
@@ -217,23 +217,23 @@ <!-- XXResourceDef --> <named-query name="XXResourceDef.findByNameAndDefId"> - <query>select obj from XXResourceDef obj where obj.name = :name and obj.defId = :defId</query> + <query>select obj from XXResourceDef obj where obj.name = :name and obj.defId = :defId order by obj.level</query> </named-query> <named-query name="XXResourceDef.findByServiceDefId"> - <query>select obj from XXResourceDef obj where obj.defId = :serviceDefId</query> + <query>select obj from XXResourceDef obj where obj.defId = :serviceDefId order by obj.level</query> </named-query> <named-query name="XXResourceDef.findByPolicyId"> <query>select obj from XXResourceDef obj, XXPolicy xPol, XXServiceDef xSvcDef, XXService xSvc where obj.defId = xSvcDef.id and xSvcDef.id = xSvc.type - and xSvc.id = xPol.service and xPol.id = :policyId</query> + and xSvc.id = xPol.service and xPol.id = :policyId order by obj.level</query> </named-query> <named-query name="XXResourceDef.findByNameAndPolicyId"> <query>select obj from XXResourceDef obj, XXPolicy xPol, XXServiceDef xSvcDef, XXService xSvc where obj.defId = xSvcDef.id and xSvcDef.id = xSvc.type - and xSvc.id = xPol.service and xPol.id = :policyId and obj.name = :name</query> + and xSvc.id = xPol.service and xPol.id = :policyId and obj.name = :name order by obj.level</query> </named-query> <!-- XXAccessTypeDefGrants --> 
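Review bot: The four XXResourceDef queries sort by `obj.level`, not by the value that `ServiceDBStore` now stores through `xResource.setOrder(i)`, so resource definitions that share a level still come back in an unspecified order and no query in this diff reads the stored index. If level is the intended primary sort key, `order by obj.level, obj.order` would use the stored position to break ties. Otherwise a short XML comment above this block saying why level is used instead of order would help the next reader.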
@@ -243,17 +243,17 @@ <!-- XXEnumElementDef --> <named-query name="XXEnumElementDef.findByEnumDefId"> - <query>select obj from XXEnumElementDef obj where obj.enumDefId = :enumDefId</query> + <query>select obj from XXEnumElementDef obj where obj.enumDefId = :enumDefId order by obj.order</query> </named-query> <!-- XXServiceConfigDef --> <named-query name="XXServiceConfigDef.findByServiceDefId"> - <query>select obj from XXServiceConfigDef obj where obj.defId = :serviceDefId</query> + <query>select obj from XXServiceConfigDef obj where obj.defId = :serviceDefId order by obj.order</query> </named-query> <named-query name="XXServiceConfigDef.findByServiceDefName"> <query>select obj from XXServiceConfigDef obj, XXServiceDef svcDef - where obj.defId = svcDef.id and svcDef.name = :serviceDef</query> + where obj.defId = svcDef.id and svcDef.name = :serviceDef order by obj.order</query> </named-query> 
@@ -273,28 +273,28 @@ </named-query> <named-query name="XXPolicyConditionDef.findByServiceDefIdAndName"> - <query>select obj from XXPolicyConditionDef obj where obj.defId = :serviceDefId and obj.name = :name</query> + <query>select obj from XXPolicyConditionDef obj where obj.defId = :serviceDefId and obj.name = :name order by obj.order</query> </named-query> <named-query name="XXPolicyConditionDef.findByPolicyItemId"> <query>select obj from XXPolicyConditionDef obj, XXPolicyItemCondition xPolItemCond - where xPolItemCond.policyItemId = :polItemId and obj.id = xPolItemCond.type</query> + where xPolItemCond.policyItemId = :polItemId and obj.id = xPolItemCond.type order by obj.order</query> </named-query> <named-query name="XXPolicyConditionDef.findByPolicyItemIdAndName"> <query>select obj from XXPolicyConditionDef obj, XXPolicyItemCondition xPolItemCond where xPolItemCond.policyItemId = :polItemId and obj.name = :name - and obj.id = xPolItemCond.type + and obj.id = xPolItemCond.type order by obj.order </query> </named-query> <!-- XXContextEnricherDef --> <named-query name="XXContextEnricherDef.findByServiceDefId"> - <query>select obj from XXContextEnricherDef obj where obj.defId = :serviceDefId</query> + <query>select obj from XXContextEnricherDef obj where obj.defId = :serviceDefId order by obj.order</query> </named-query> <named-query name="XXContextEnricherDef.findByServiceDefIdAndName"> - <query>select obj from XXContextEnricherDef obj where obj.defId = :serviceDefId and obj.name = :name</query> + <query>select obj from XXContextEnricherDef obj where obj.defId = :serviceDefId and obj.name = :name order by obj.order</query> </named-query> 
@@ -334,32 +334,32 @@ <!-- XXPolicyResourceMap --> <named-query name="XXPolicyResourceMap.findByPolicyResId"> - <query>select obj from XXPolicyResourceMap obj where obj.resourceId = :polResId</query> + <query>select obj from XXPolicyResourceMap obj where obj.resourceId = :polResId order by obj.order</query> </named-query> <!-- XXPolicyItemAccess --> <named-query name="XXPolicyItemAccess.findByPolicyItemId"> - <query>select obj from XXPolicyItemAccess obj where obj.policyItemId = :polItemId</query> + <query>select obj from XXPolicyItemAccess obj where obj.policyItemId = :polItemId order by obj.order</query> </named-query> <!-- XXPolicyItemCondition --> <named-query name="XXPolicyItemCondition.findByPolicyItemId"> - <query>select obj from XXPolicyItemCondition obj where obj.policyItemId = :polItemId </query> + <query>select obj from XXPolicyItemCondition obj where obj.policyItemId = :polItemId order by obj.order</query> </named-query> <named-query name="XXPolicyItemCondition.findByPolicyItemAndDefId"> <query>select obj from XXPolicyItemCondition obj where - obj.policyItemId = :polItemId and obj.type = :polCondDefId</query> + obj.policyItemId = :polItemId and obj.type = :polCondDefId order by obj.order</query> </named-query> <!-- XXPolicyItemGroupPerm --> <named-query name="XXPolicyItemGroupPerm.findByPolicyItemId"> - <query>select obj from XXPolicyItemGroupPerm obj where obj.policyItemId = :polItemId</query> + <query>select obj from XXPolicyItemGroupPerm obj where obj.policyItemId = :polItemId order by obj.order</query> </named-query> <!-- XXPolicyItemUserPerm --> <named-query name="XXPolicyItemUserPerm.findByPolicyItemId"> - <query>select obj from XXPolicyItemUserPerm obj where obj.policyItemId = :polItemId</query> + <query>select obj from XXPolicyItemUserPerm obj where obj.policyItemId = :polItemId order by obj.order</query> </named-query> <!-- XXDataHist --> 
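Review bot: `XXPolicyItemCondition.findByPolicyItemId` sorts on `obj.order` alone, but the writer in `createNewPolicyItemsForPolicy` restarts the index at 0 for every condition, so values of different condition types interleave in the result (the first value of each type, then the second value of each type). If the reader does not regroup by type, `order by obj.type, obj.order` returns each condition's values together in their stored sequence. `findByPolicyItemAndDefId` is unaffected because it filters on a single type.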
@@ -482,4 +482,4 @@ xpu.id=:userId and gmp.isAllowed=:isAllowed </query> </named-query> -</entity-mappings> \ No newline at end of file +</entity-mappings>
