Repository: incubator-ranger Updated Branches: refs/heads/tag-policy b5a23b273 -> 9578f94cd
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9578f94c/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java
new file mode 100644
index 0000000..073488f
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java
@@ -0,0 +1,569 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.store.file; + +import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.lang.ObjectUtils; +import org.apache.commons.lang.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.hadoop.fs.Path; +import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; +import org.apache.ranger.plugin.model.RangerResource; +import org.apache.ranger.plugin.model.RangerTagDef; +import org.apache.ranger.plugin.store.AbstractTagStore; +import org.apache.ranger.plugin.store.TagPredicateUtil; +import org.apache.ranger.plugin.util.SearchFilter; + +import java.util.ArrayList; +import java.util.List; + +public class TagFileStore extends AbstractTagStore { + private static final Log LOG = LogFactory.getLog(TagFileStore.class); + + public static final String PROPERTY_TAG_FILE_STORE_DIR = "ranger.tag.store.file.dir"; + protected static final String FILE_PREFIX_TAG_DEF = "ranger-tagdef-"; + protected static final String FILE_PREFIX_TAG_RESOURCE = "ranger-tag-resource-"; + + private String tagDataDir = null; + private long nextTagDefId 
= 0; + private long nextTagResourceId = 0; + + + private TagPredicateUtil predicateUtil = null; + private FileStoreUtil fileStoreUtil = null; + + private volatile static TagFileStore instance = null; + + public static TagFileStore getInstance() { + if (instance == null) { + synchronized (TagFileStore.class) { + if (instance == null) { + instance = new TagFileStore(); + instance.initStore(); + } + } + } + return instance; + } + + TagFileStore() { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.TagFileStore()"); + } + + tagDataDir = RangerConfiguration.getInstance().get(PROPERTY_TAG_FILE_STORE_DIR, "file:///etc/ranger/data"); + fileStoreUtil = new FileStoreUtil(); + + if (LOG.isDebugEnabled()) + + { + LOG.debug("<== TagFileStore.TagFileStore()"); + } + } + + public TagFileStore(String dataDir) { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.TagFileStore()"); + } + + this.tagDataDir = dataDir; + fileStoreUtil = new FileStoreUtil(); + + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.TagFileStore()"); + } + } + + @Override + public void init() throws Exception { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.init()"); + } + + fileStoreUtil.initStore(tagDataDir); + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.init()"); + } + } + + protected void initStore() { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.initStore()"); + } + fileStoreUtil.initStore(tagDataDir); + predicateUtil = new TagPredicateUtil(this); + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.initStore()"); + } + } + + @Override + public RangerTagDef createTagDef(RangerTagDef tagDef) throws Exception { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.createTagDef(" + tagDef + ")"); + } + + RangerTagDef existing = getTagDef(tagDef.getName()); + + if (existing != null) { + throw new Exception(tagDef.getName() + ": tag-def already exists (id=" + existing.getId() + ")"); + } + + RangerTagDef ret = null; + + 
try { + preCreate(tagDef); + + tagDef.setId(nextTagDefId); + + ret = fileStoreUtil.saveToFile(tagDef, new Path(fileStoreUtil.getDataFile(FILE_PREFIX_TAG_DEF, nextTagDefId++)), false); + + postCreate(ret); + } catch (Exception excp) { + LOG.warn("TagFileStore.createTagDef(): failed to save tag-def '" + tagDef.getName() + "'", excp); + + throw new Exception("failed to save tag-def '" + tagDef.getName() + "'", excp); + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.createTagDef(" + tagDef + ")"); + } + + return ret; + } + + @Override + public RangerTagDef updateTagDef(RangerTagDef tagDef) throws Exception { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.updateTagDef(" + tagDef + ")"); + } + + RangerTagDef existing = getTagDef(tagDef.getName()); + + if (existing == null) { + throw new Exception(tagDef.getName() + ": tag-def does not exist (id=" + tagDef.getId() + ")"); + } + + RangerTagDef ret = null; + + try { + preUpdate(existing); + + existing.setSource(tagDef.getSource()); + existing.setAttributeDefs(tagDef.getAttributeDefs()); + + ret = fileStoreUtil.saveToFile(existing, new Path(fileStoreUtil.getDataFile(FILE_PREFIX_TAG_DEF, existing.getId())), true); + + postUpdate(existing); + } catch (Exception excp) { + LOG.warn("TagFileStore.updateTagDef(): failed to save tag-def '" + tagDef.getName() + "'", excp); + + throw new Exception("failed to save tag-def '" + tagDef.getName() + "'", excp); + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.updateTagDef(" + tagDef + ")"); + } + + return ret; + } + + @Override + public void deleteTagDef(String name) throws Exception { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.deleteTagDef(" + name + ")"); + } + + RangerTagDef existing = getTagDef(name); + + if (existing == null) { + throw new Exception("no tag-def exists with ID=" + name); + } + + try { + Path filePath = new Path(fileStoreUtil.getDataFile(FILE_PREFIX_TAG_DEF, existing.getId())); + + preDelete(existing); + + 
fileStoreUtil.deleteFile(filePath); + + postDelete(existing); + } catch (Exception excp) { + throw new Exception("failed to delete tag-def with ID=" + name, excp); + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.deleteTagDef(" + name + ")"); + } + + } + + @Override + public RangerTagDef getTagDef(String name) throws Exception { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.getTagDef(" + name + ")"); + } + + RangerTagDef ret = null; + + if (name != null) { + SearchFilter filter = new SearchFilter(SearchFilter.TAG_DEF_NAME, name); + + List<RangerTagDef> tagDefs = getTagDefs(filter); + + ret = CollectionUtils.isEmpty(tagDefs) ? null : tagDefs.get(0); + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.getTagDef(" + name + "): " + ret); + } + + return ret; + } + + @Override + public RangerTagDef getTagDefById(Long id) throws Exception { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.getTagDefById(" + id + ")"); + } + + RangerTagDef ret = null; + + if (id != null) { + SearchFilter filter = new SearchFilter(SearchFilter.TAG_DEF_ID, id.toString()); + + List<RangerTagDef> tagDefs = getTagDefs(filter); + + ret = CollectionUtils.isEmpty(tagDefs) ? null : tagDefs.get(0); + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.getTagDefById(" + id + "): " + ret); + } + + return ret; + } + + @Override + public List<RangerTagDef> getTagDefs(SearchFilter filter) throws Exception { + + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.getTagDefs()"); + } + + List<RangerTagDef> ret = getAllTagDefs(); + + if (ret != null && filter != null && !filter.isEmpty()) { + CollectionUtils.filter(ret, predicateUtil.getPredicate(filter)); + + //Comparator<RangerBaseModelObject> comparator = getSorter(filter); + + //if(comparator != null) { + //Collections.sort(ret, comparator); + //} + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.getTagDefs(): count=" + (ret == null ? 
0 : ret.size())); + } + + return ret; + } + + @Override + public RangerResource createResource(RangerResource resource) throws Exception { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.createResource(" + resource + ")"); + } + + RangerResource existing = null; + if (resource.getId() != null) { + existing = getResource(resource.getId()); + } + + if (existing != null) { + throw new Exception(resource.getId() + ": resource already exists (id=" + existing.getId() + ")"); + } + + RangerResource ret = null; + + try { + preCreate(resource); + + resource.setId(nextTagResourceId); + + ret = fileStoreUtil.saveToFile(resource, new Path(fileStoreUtil.getDataFile(FILE_PREFIX_TAG_RESOURCE, nextTagResourceId++)), false); + + postCreate(ret); + } catch (Exception excp) { + LOG.warn("TagFileStore.createResource(): failed to save resource '" + resource.getId() + "'", excp); + + throw new Exception("failed to save resource '" + resource.getId() + "'", excp); + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.createResource(" + resource + ")"); + } + + return ret; + } + + @Override + public RangerResource updateResource(RangerResource resource) throws Exception { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.updateResource(" + resource + ")"); + } + RangerResource existing = getResource(resource.getId()); + + if (existing == null) { + throw new Exception(resource.getId() + ": resource does not exist (id=" + resource.getId() + ")"); + } + + RangerResource ret = null; + + try { + preUpdate(existing); + + existing.setServiceType(resource.getServiceType()); + existing.setResourceSpecs(resource.getResourceSpecs()); + existing.setTagServiceName(resource.getTagServiceName()); + existing.setTagsAndValues(resource.getTagsAndValues()); + + ret = fileStoreUtil.saveToFile(existing, new Path(fileStoreUtil.getDataFile(FILE_PREFIX_TAG_RESOURCE, existing.getId())), true); + + postUpdate(existing); + } catch (Exception excp) { + 
LOG.warn("TagFileStore.updateTagDef(): failed to save resource '" + resource.getId() + "'", excp); + + throw new Exception("failed to save tag-def '" + resource.getId() + "'", excp); + } + + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.updateResource(" + resource + ")"); + } + return null; + } + + @Override + public void deleteResource(Long id) throws Exception { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.deleteResource(" + id + ")"); + } + + RangerResource existing = getResource(id); + + if (existing == null) { + throw new Exception("no resource exists with ID=" + id); + } + + try { + Path filePath = new Path(fileStoreUtil.getDataFile(FILE_PREFIX_TAG_RESOURCE, existing.getId())); + + preDelete(existing); + + fileStoreUtil.deleteFile(filePath); + + postDelete(existing); + } catch (Exception excp) { + throw new Exception("failed to delete resource with ID=" + id, excp); + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.deleteResource(" + id + ")"); + } + } + + @Override + public RangerResource getResource(Long id) throws Exception { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.getResource(" + id + ")"); + } + RangerResource ret = null; + + if (id != null) { + SearchFilter filter = new SearchFilter(SearchFilter.TAG_RESOURCE_ID, id.toString()); + + List<RangerResource> resources = getResources(filter); + + ret = CollectionUtils.isEmpty(resources) ? 
null : resources.get(0); + } + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.getResource(" + id + ")"); + } + return ret; + } + + @Override + public List<RangerResource> getResources(String tagServiceName, String serviceType) throws Exception { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.getResources(" + tagServiceName + ", " + serviceType + ")"); + } + List<RangerResource> ret = null; + + SearchFilter filter = new SearchFilter(); + + if (tagServiceName == null || tagServiceName.isEmpty()) { + // Get all tagged resources + } else { + filter.setParam(SearchFilter.TAG_RESOURCE_SERVICE_NAME, tagServiceName); + } + + if (serviceType == null || serviceType.isEmpty()) { + // Get all tagged resources + } else { + filter.setParam(SearchFilter.TAG_RESOURCE_SERVICE_TYPE, serviceType); + } + + ret = getResources(filter); + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.getResources(" + tagServiceName + ", " + serviceType + ")"); + + } + return ret; + } + + @Override + public List<RangerResource> getResources(SearchFilter filter) throws Exception { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.getResources()"); + } + + List<RangerResource> ret = getAllTaggedResources(); + + if (ret != null && filter != null && !filter.isEmpty()) { + CollectionUtils.filter(ret, predicateUtil.getPredicate(filter)); + + //Comparator<RangerBaseModelObject> comparator = getSorter(filter); + + //if(comparator != null) { + //Collections.sort(ret, comparator); + //} + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.getResources(): count=" + (ret == null ? 
0 : ret.size())); + } + + return ret; + } + + private List<RangerTagDef> getAllTagDefs() throws Exception { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.getAllTagDefs()"); + } + + List<RangerTagDef> ret = new ArrayList<RangerTagDef>(); + + try { + // load Tag definitions from file system + List<RangerTagDef> sds = fileStoreUtil.loadFromDir(new Path(fileStoreUtil.getDataDir()), FILE_PREFIX_TAG_DEF, RangerTagDef.class); + + if (sds != null) { + for (RangerTagDef sd : sds) { + if (sd != null) { + // if the TagDef is already found, remove the earlier definition + for (int i = 0; i < ret.size(); i++) { + RangerTagDef currSd = ret.get(i); + + if (StringUtils.equals(currSd.getName(), sd.getName()) || + ObjectUtils.equals(currSd.getId(), sd.getId())) { + ret.remove(i); + } + } + + ret.add(sd); + } + } + } + nextTagDefId = getMaxId(ret) + 1; + } catch (Exception excp) { + LOG.error("TagFileStore.getAllTagDefs(): failed to read Tag-defs", excp); + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.getAllTagDefs(): count=" + (ret == null ? 
0 : ret.size())); + } + + if (ret != null) { + //Collections.sort(ret, idComparator); + + //for (RangerTagDef sd : ret) { + //Collections.sort(sd.getResources(), resourceLevelComparator); + //} + } + + return ret; + } + + private List<RangerResource> getAllTaggedResources() throws Exception { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagFileStore.getAllTaggedResources()"); + } + + List<RangerResource> ret = new ArrayList<RangerResource>(); + + try { + // load resource definitions from file system + List<RangerResource> resources = fileStoreUtil.loadFromDir(new Path(fileStoreUtil.getDataDir()), FILE_PREFIX_TAG_RESOURCE, RangerResource.class); + + if (resources != null) { + for (RangerResource resource : resources) { + if (resource != null) { + // if the RangerResource is already found, remove the earlier definition + for (int i = 0; i < ret.size(); i++) { + RangerResource currResource = ret.get(i); + + if (ObjectUtils.equals(currResource.getId(), resource.getId())) { + ret.remove(i); + } + } + + ret.add(resource); + } + } + } + nextTagResourceId = getMaxId(ret) + 1; + } catch (Exception excp) { + LOG.error("TagFileStore.getAllTaggedResources(): failed to read tagged resources", excp); + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagFileStore.getAllTaggedResources(): count=" + (ret == null ? 0 : ret.size())); + } + + if (ret != null) { + //Collections.sort(ret, idComparator); + + //for (RangerTagDef sd : ret) { + //Collections.sort(sd.getResources(), resourceLevelComparator); + //} + } + + return ret; + } + +} + http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9578f94c/agents-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java index 71405cf..63903c8 100644 
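Review bot: getAllTagDefs() and getAllTaggedResources() catch every Exception from `fileStoreUtil.loadFromDir(...)`, log it and return the list built so far, so an unreadable or partly corrupt store directory looks exactly like an empty store. Callers then get "not found" answers: the duplicate check in createTagDef() passes, `nextTagDefId` / `nextTagResourceId` keep their previous value (0 on a fresh instance, which createResource() uses directly when the incoming id is null), and anything that derives tag-based decisions from this store would presumably just see no tags. Both methods already declare `throws Exception`, so I would rethrow instead, e.g. `throw new Exception("failed to read tag-defs", excp);`, and let the caller decide how to fail. Separately, updateResource() ends with `return null;` although it has computed `ret`, and its catch block logs `TagFileStore.updateTagDef()` and "failed to save tag-def" for a resource; `return ret;` and resource wording look intended.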
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/rest/ServiceRESTStore.java @@ -30,6 +30,7 @@ import org.apache.ranger.authorization.hadoop.config.RangerConfiguration; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.store.AbstractServiceStore; import org.apache.ranger.plugin.store.ServiceStore; import org.apache.ranger.plugin.util.RangerRESTClient; import org.apache.ranger.plugin.util.SearchFilter; @@ -40,7 +41,7 @@ import com.sun.jersey.api.client.GenericType; import com.sun.jersey.api.client.WebResource; -public class ServiceRESTStore implements ServiceStore { +public class ServiceRESTStore extends AbstractServiceStore { private static final Log LOG = LogFactory.getLog(ServiceRESTStore.class); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9578f94c/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java index ae6b7a8..b987904 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java 
@@ -50,6 +50,15 @@ public class SearchFilter { public static final String SORT_BY = "sortBy"; public static final String RESOURCE_SIGNATURE = "resourceSignature:"; // search + public static final String TAG_DEF_ID = "tagDefId"; // search + public static final String TAG_DEF_NAME = "tagDefName"; // search + public static final String TAG_RESOURCE_ID = "tagResourceId"; // search + public static final String TAG_RESOURCE_SERVICE_NAME = "tagResourceServiceName"; // search + public static final String TAG_RESOURCE_SERVICE_TYPE = "tagResourceServiceType"; // search + + + + private Map<String, String> params = null; private int startIndex = 0; private int maxRows = Integer.MAX_VALUE; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9578f94c/agents-common/src/main/resources/service-defs/ranger-servicedef-_tag_.json ---------------------------------------------------------------------- diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-_tag_.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-_tag_.json new file mode 100644 index 0000000..a20d467 --- /dev/null +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-_tag_.json 
@@ -0,0 +1,73 @@ +{ + "name": "_tag_", + "implClass": "org.apache.ranger.services.tag.RangerServiceTag", + "label": "TAG", + "description": "TAG Service Definition", + "guid": "0d047248-baff-4cf9-8e9e-d5d377284b2e", + "resources": + [ + { + "itemId":1, + "name": "tag", + "type": "string", + "level": 1, + "parent": "", + "mandatory": true, + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": false, + "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { "wildCard":true, "ignoreCase":false }, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "TAG", + "description": "TAG" + } + ], + + "accessTypes": + [ + + ], + + "configs": + [ + { + "itemId": 1, + "name": "username", + "type": "string", + "mandatory": false, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "Username" + }, + + { + "itemId": 2, + "name": "password", + "type": "password", + "mandatory": false, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "Password" + } + ], + + "enums": + [ + + ], + + "contextEnrichers": + [ + + ], + + "policyConditions": + [ + + ] +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9578f94c/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index 62670c0..5628a32 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
@@ -100,9 +100,7 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef; -import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; -import org.apache.ranger.plugin.store.ServicePredicateUtil; -import org.apache.ranger.plugin.store.ServiceStore; +import org.apache.ranger.plugin.store.*; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.plugin.util.ServicePolicies; import org.apache.ranger.service.RangerAuditFields; @@ -128,7 +126,7 @@ import org.springframework.transaction.support.TransactionTemplate; @Component -public class ServiceDBStore implements ServiceStore { +public class ServiceDBStore extends AbstractServiceStore { private static final Log LOG = LogFactory.getLog(ServiceDBStore.class); @Autowired @@ -353,6 +351,8 @@ public class ServiceDBStore implements ServiceStore { RangerServiceDef createdServiceDef = serviceDefService.getPopulatedViewObject(createdSvcDef); dataHistService.createObjectDataHistory(createdServiceDef, RangerDataHistService.ACTION_CREATE); + postCreate(createdServiceDef); + if (LOG.isDebugEnabled()) { LOG.debug("<== ServiceDefDBStore.createServiceDef(" + serviceDef + "): " + createdServiceDef); } @@ -411,6 +411,9 @@ public class ServiceDBStore implements ServiceStore { RangerServiceDef updatedSvcDef = getServiceDef(serviceDefId); dataHistService.createObjectDataHistory(updatedSvcDef, RangerDataHistService.ACTION_UPDATE); + postUpdate(updatedSvcDef); + + if (LOG.isDebugEnabled()) { LOG.debug("<== ServiceDefDBStore.updateServiceDef(" + serviceDef + "): " + serviceDef); } 
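Review bot: Replacing the three explicit imports with `import org.apache.ranger.plugin.store.*;` hides which store types this class depends on, and a class added to that package later can clash with a same-named type already used here. ServiceREST.java in this same commit imports `RangerPolicyPaginatedList`, `RangerServiceDefPaginatedList`, `RangerServicePaginatedList` and `ServiceStore` by name; I would keep the explicit list here as well and add `AbstractServiceStore` and the three paginated-list types to it.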
@@ -760,7 +763,7 @@ public class ServiceDBStore implements ServiceStore { deleteServiceDef(serviceDefId, false); } - public void deleteServiceDef(Long serviceDefId, boolean forceDelete) throws Exception { + public void deleteServiceDef(Long serviceDefId, Boolean forceDelete) throws Exception { if (LOG.isDebugEnabled()) { LOG.debug("==> ServiceDefDBStore.deleteServiceDef(" + serviceDefId + ")"); } @@ -843,11 +846,13 @@ public class ServiceDBStore implements ServiceStore { dataHistService.createObjectDataHistory(serviceDef, RangerDataHistService.ACTION_DELETE); + postDelete(serviceDef); + if (LOG.isDebugEnabled()) { LOG.debug("<== ServiceDefDBStore.deleteServiceDef(" + serviceDefId + ")"); } } - + public void deleteXXAccessTypeDef(XXAccessTypeDef xAccess) { List<XXAccessTypeDefGrants> atdGrantsList = daoMgr.getXXAccessTypeDefGrants().findByATDId(xAccess.getId()); @@ -942,7 +947,8 @@ public class ServiceDBStore implements ServiceStore { return ret; } - public RangerServiceDefList getPaginatedServiceDefs(SearchFilter filter) throws Exception { + @Override + public RangerServiceDefPaginatedList getPaginatedServiceDefs(SearchFilter filter) throws Exception { if (LOG.isDebugEnabled()) { LOG.debug("==> ServiceDBStore.getPaginatedServiceDefs(" + filter + ")"); } @@ -954,8 +960,17 @@ public class ServiceDBStore implements ServiceStore { if (LOG.isDebugEnabled()) { LOG.debug("==> ServiceDBStore.getPaginatedServiceDefs(" + filter + ")"); } + RangerServiceDefPaginatedList ret = new RangerServiceDefPaginatedList(); + ret.setServiceDefs(svcDefList.getServiceDefs()); + ret.setResultSize(svcDefList.getResultSize()); + ret.setPageSize(svcDefList.getPageSize()); + ret.setSortBy(svcDefList.getSortBy()); + ret.setSortType(svcDefList.getSortType()); + ret.setStartIndex(svcDefList.getStartIndex()); + ret.setTotalCount(svcDefList.getTotalCount()); + - return svcDefList; + return ret; } @Override 
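Review bot: Changing `forceDelete` from `boolean` to `Boolean` in `deleteServiceDef(Long, Boolean)` makes null a legal argument for the flag that decides whether a service-def is force-deleted. The method body lies outside this hunk, so how the flag is read is not visible, but any plain `if (forceDelete)` would auto-unbox and throw a NullPointerException on null. If the boxed type is required by the new superclass (not shown here), normalise it on entry, e.g. `boolean force = Boolean.TRUE.equals(forceDelete);`, so that null means "not forced".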
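Review bot: The seven-setter copy from `svcDefList` into `RangerServiceDefPaginatedList` is repeated almost verbatim in getPaginatedServices() and getPaginatedPolicies() further down, and mirrored in the opposite direction five times in ServiceREST.java. A single copy helper on the paginated-list type would keep a paging field added later from being copied in some places and dropped in others. Also, `@Override` is added to getPaginatedServiceDefs() in the previous hunk but not to getPaginatedServices(), getPaginatedPolicies() or the two getPaginatedServicePolicies() overloads whose return types change the same way; if those implement the store contract too, they should carry it. The method starts and ends outside this hunk.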
@@ -1215,7 +1230,7 @@ public class ServiceDBStore implements ServiceStore { service.setVersion(version); svcService.delete(service); - + dataHistService.createObjectDataHistory(service, RangerDataHistService.ACTION_DELETE); List<XXTrxLog> trxLogList = svcService.getTransactionLog(service, RangerServiceService.OPERATION_DELETE_CONTEXT); @@ -1271,7 +1286,7 @@ public class ServiceDBStore implements ServiceStore { return ret; } - public RangerServiceList getPaginatedServices(SearchFilter filter) throws Exception { + public RangerServicePaginatedList getPaginatedServices(SearchFilter filter) throws Exception { if (LOG.isDebugEnabled()) { LOG.debug("==> ServiceDBStore.getPaginatedServices()"); } @@ -1284,7 +1299,16 @@ public class ServiceDBStore implements ServiceStore { LOG.debug("<== ServiceDBStore.getPaginatedServices()"); } - return serviceList; + RangerServicePaginatedList ret = new RangerServicePaginatedList(); + ret.setServices(serviceList.getServices()); + ret.setResultSize(serviceList.getResultSize()); + ret.setPageSize(serviceList.getPageSize()); + ret.setSortBy(serviceList.getSortBy()); + ret.setSortType(serviceList.getSortType()); + ret.setStartIndex(serviceList.getStartIndex()); + ret.setTotalCount(serviceList.getTotalCount()); + + return ret; } @Override @@ -1475,7 +1499,7 @@ public class ServiceDBStore implements ServiceStore { return ret; } - public RangerPolicyList getPaginatedPolicies(SearchFilter filter) throws Exception { + public RangerPolicyPaginatedList getPaginatedPolicies(SearchFilter filter) throws Exception { if (LOG.isDebugEnabled()) { LOG.debug("==> ServiceDBStore.getPaginatedPolicies(+ " + filter + ")"); } 
@@ -1494,7 +1518,16 @@ public class ServiceDBStore implements ServiceStore { LOG.debug("<== ServiceDBStore.getPaginatedPolicies(" + filter + "): count=" + policyList.getListSize()); } - return policyList; + RangerPolicyPaginatedList ret = new RangerPolicyPaginatedList(); + ret.setPolicies(policyList.getPolicies()); + ret.setResultSize(policyList.getResultSize()); + ret.setPageSize(policyList.getPageSize()); + ret.setSortBy(policyList.getSortBy()); + ret.setSortType(policyList.getSortType()); + ret.setStartIndex(policyList.getStartIndex()); + ret.setTotalCount(policyList.getTotalCount()); + + return ret; } @Override @@ -1514,7 +1547,7 @@ public class ServiceDBStore implements ServiceStore { return ret; } - public RangerPolicyList getPaginatedServicePolicies(Long serviceId, SearchFilter filter) throws Exception { + public RangerPolicyPaginatedList getPaginatedServicePolicies(Long serviceId, SearchFilter filter) throws Exception { if (LOG.isDebugEnabled()) { LOG.debug("==> ServiceDBStore.getPaginatedServicePolicies(" + serviceId + ")"); } @@ -1525,7 +1558,7 @@ public class ServiceDBStore implements ServiceStore { throw new Exception("service does not exist - id='" + serviceId); } - RangerPolicyList ret = getPaginatedServicePolicies(service.getName(), filter); + RangerPolicyPaginatedList ret = getPaginatedServicePolicies(service.getName(), filter); if (LOG.isDebugEnabled()) { LOG.debug("<== ServiceDBStore.getPaginatedServicePolicies(" + serviceId + ")"); 
@@ -1560,12 +1593,12 @@ public class ServiceDBStore implements ServiceStore { return ret; } - public RangerPolicyList getPaginatedServicePolicies(String serviceName, SearchFilter filter) throws Exception { + public RangerPolicyPaginatedList getPaginatedServicePolicies(String serviceName, SearchFilter filter) throws Exception { if (LOG.isDebugEnabled()) { LOG.debug("==> ServiceDBStore.getPaginatedServicePolicies(" + serviceName + ")"); } - RangerPolicyList ret = null; + RangerPolicyPaginatedList ret = null; try { if (filter == null) { @@ -2032,4 +2065,5 @@ public class ServiceDBStore implements ServiceStore { LOG.debug(message); } } + } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9578f94c/security-admin/src/main/java/org/apache/ranger/common/view/VList.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/view/VList.java b/security-admin/src/main/java/org/apache/ranger/common/view/VList.java index 4364ae6..b159316 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/view/VList.java +++ b/security-admin/src/main/java/org/apache/ranger/common/view/VList.java @@ -95,6 +95,7 @@ public abstract class VList extends ViewBaseBean implements public void setStartIndex(int startIndex) { this.startIndex = startIndex; } + public int getStartIndex() { return startIndex; } /** @@ -107,7 +108,7 @@ public abstract class VList extends ViewBaseBean implements public void setPageSize(int pageSize) { this.pageSize = pageSize; } - + public int getPageSize() { return pageSize; } /** * This method sets the value to the member attribute <b>totalCount</b>. You @@ -119,6 +120,7 @@ public abstract class VList extends ViewBaseBean implements public void setTotalCount(long totalCount) { this.totalCount = totalCount; } + public long getTotalCount() { return totalCount; } 
@@ -152,7 +154,7 @@ public abstract class VList extends ViewBaseBean implements public void setSortType(String sortType) { this.sortType = sortType; } - + public String getSortType() { return sortType; } /** @@ -165,6 +167,7 @@ public abstract class VList extends ViewBaseBean implements public void setSortBy(String sortBy) { this.sortBy = sortBy; } + public String getSortBy() { return sortBy; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9578f94c/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index c2701a6..85e6643 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -74,6 +74,10 @@ import org.apache.ranger.plugin.policyengine.RangerPolicyEngineCache; import org.apache.ranger.plugin.policyengine.RangerPolicyEngineOptions; import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator; import org.apache.ranger.plugin.service.ResourceLookupContext; +import org.apache.ranger.plugin.store.RangerPolicyPaginatedList; +import org.apache.ranger.plugin.store.RangerServiceDefPaginatedList; +import org.apache.ranger.plugin.store.RangerServicePaginatedList; +import org.apache.ranger.plugin.store.ServiceStore; import org.apache.ranger.plugin.util.GrantRevokeRequest; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.plugin.util.ServicePolicies; 
@@ -299,17 +303,27 @@ public class ServiceREST { } RangerServiceDefList ret = null; + RangerServiceDefPaginatedList paginatedSvcDefs = null; SearchFilter filter = searchUtil.getSearchFilter(request, serviceDefService.sortFields); try { - ret = svcStore.getPaginatedServiceDefs(filter); + paginatedSvcDefs = svcStore.getPaginatedServiceDefs(filter); } catch (Exception excp) { LOG.error("getServiceDefs() failed", excp); throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); } + ret = new RangerServiceDefList(); + ret.setServiceDefs(paginatedSvcDefs.getServiceDefs()); + ret.setPageSize(paginatedSvcDefs.getPageSize()); + ret.setResultSize(paginatedSvcDefs.getResultSize()); + ret.setStartIndex(paginatedSvcDefs.getStartIndex()); + ret.setTotalCount(paginatedSvcDefs.getTotalCount()); + ret.setSortBy(paginatedSvcDefs.getSortBy()); + ret.setSortType(paginatedSvcDefs.getSortType()); + if (LOG.isDebugEnabled()) { LOG.debug("<== ServiceREST.getServiceDefs(): count=" + (ret == null ? 0 : ret.getListSize())); } 
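Review bot: The copy into `RangerServiceDefList` runs after the try/catch, so if any ServiceStore implementation returns null from `getPaginatedServiceDefs(filter)`, the call `paginatedSvcDefs.getServiceDefs()` fails with an unhandled NullPointerException instead of the REST error built in the catch block. The same applies to `paginatedSvcs` in the getServices() hunk that follows, whereas the three policy endpoints do their copy inside the try. I would move the copy inside the try, or guard it with `if (paginatedSvcDefs != null) { ... }` and return an empty list otherwise. The enclosing method starts and ends outside this hunk.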
@@ -464,17 +478,28 @@ public class ServiceREST { } RangerServiceList ret = null; + RangerServicePaginatedList paginatedSvcs = null; SearchFilter filter = searchUtil.getSearchFilter(request, svcService.sortFields); try { - ret = svcStore.getPaginatedServices(filter); + paginatedSvcs = svcStore.getPaginatedServices(filter); } catch (Exception excp) { LOG.error("getServices() failed", excp); throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); } + ret = new RangerServiceList(); + + ret.setServices(paginatedSvcs.getServices()); + ret.setPageSize(paginatedSvcs.getPageSize()); + ret.setResultSize(paginatedSvcs.getResultSize()); + ret.setStartIndex(paginatedSvcs.getStartIndex()); + ret.setTotalCount(paginatedSvcs.getTotalCount()); + ret.setSortBy(paginatedSvcs.getSortBy()); + ret.setSortType(paginatedSvcs.getSortType()); + if (LOG.isDebugEnabled()) { LOG.debug("<== ServiceREST.getServices(): count=" + (ret == null ? 0 : ret.getListSize())); } @@ -981,11 +1006,21 @@ public class ServiceREST { } RangerPolicyList ret = null; + RangerPolicyPaginatedList paginatedPolicies = null; SearchFilter filter = searchUtil.getSearchFilter(request, policyService.sortFields); try { - ret = svcStore.getPaginatedPolicies(filter); + paginatedPolicies = svcStore.getPaginatedPolicies(filter); + + ret = new RangerPolicyList(); + ret.setPolicies(paginatedPolicies.getPolicies()); + ret.setPageSize(paginatedPolicies.getPageSize()); + ret.setResultSize(paginatedPolicies.getResultSize()); + ret.setStartIndex(paginatedPolicies.getStartIndex()); + ret.setTotalCount(paginatedPolicies.getTotalCount()); + ret.setSortBy(paginatedPolicies.getSortBy()); + ret.setSortType(paginatedPolicies.getSortType()); applyAdminAccessFilter(ret); } catch (Exception excp) { 
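Review bot: The seven-setter copy from the paginated store type to the view list in getServices is repeated almost verbatim in getServiceDefs, getPolicies and both getServicePolicies hunks, which makes it easy for one copy to miss a field later. A single private helper that copies pageSize, resultSize, startIndex, totalCount, sortBy and sortType would leave only the element list to each call site, for example `copyPagingInfo(paginatedSvcs, ret);` after `ret.setServices(paginatedSvcs.getServices());`. This assumes the three paginated types share a common base that exposes those getters, which is not visible in this diff. The method starts and ends outside the hunk.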
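Review bot: In getPolicies, `setResultSize` and `setTotalCount` are copied from the unfiltered store result before `applyAdminAccessFilter(ret)` runs. Unless that method recomputes them (its body is not visible here), the response reports counts that include policies the caller is filtered from seeing. The two getServicePolicies hunks follow the same order. Consider resetting the size after the filter, e.g. `ret.setResultSize(ret.getListSize());`, and check whether `totalCount` should be exposed to non-admin callers at all. The method starts and ends outside the hunk.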
@@ -1063,11 +1098,21 @@ public class ServiceREST { } RangerPolicyList ret = null; + RangerPolicyPaginatedList paginatedPolicies = null; SearchFilter filter = searchUtil.getSearchFilter(request, policyService.sortFields); try { - ret = svcStore.getPaginatedServicePolicies(serviceId, filter); + paginatedPolicies = svcStore.getPaginatedServicePolicies(serviceId, filter); + + ret = new RangerPolicyList(); + ret.setPolicies(paginatedPolicies.getPolicies()); + ret.setPageSize(paginatedPolicies.getPageSize()); + ret.setResultSize(paginatedPolicies.getResultSize()); + ret.setStartIndex(paginatedPolicies.getStartIndex()); + ret.setTotalCount(paginatedPolicies.getTotalCount()); + ret.setSortBy(paginatedPolicies.getSortBy()); + ret.setSortType(paginatedPolicies.getSortType()); applyAdminAccessFilter(ret); } catch (Exception excp) { @@ -1097,11 +1142,21 @@ public class ServiceREST { } RangerPolicyList ret = null; + RangerPolicyPaginatedList paginatedPolicies = null; SearchFilter filter = searchUtil.getSearchFilter(request, policyService.sortFields); try { - ret = svcStore.getPaginatedServicePolicies(serviceName, filter); + paginatedPolicies = svcStore.getPaginatedServicePolicies(serviceName, filter); + + ret = new RangerPolicyList(); + ret.setPolicies(paginatedPolicies.getPolicies()); + ret.setPageSize(paginatedPolicies.getPageSize()); + ret.setResultSize(paginatedPolicies.getResultSize()); + ret.setStartIndex(paginatedPolicies.getStartIndex()); + ret.setTotalCount(paginatedPolicies.getTotalCount()); + ret.setSortBy(paginatedPolicies.getSortBy()); + ret.setSortType(paginatedPolicies.getSortType()); applyAdminAccessFilter(ret); } catch (Exception excp) { 
@@ -1380,7 +1435,13 @@ public class ServiceREST { @GET @Path("/policy/{policyId}/versionList") public VXString getPolicyVersionList(@PathParam("policyId") Long policyId) { - return svcStore.getPolicyVersionList(policyId); + + String policyVersionListStr = svcStore.getPolicyForVersionNumber(policyId); + + VXString ret = new VXString(); + ret.setValue(policyVersionListStr); + + return ret; } @GET http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9578f94c/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java new file mode 100644 index 0000000..2383cc4 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java 
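Review bot: getPolicyVersionList now calls `svcStore.getPolicyForVersionNumber(policyId)`, whose name reads as "fetch a policy at a given version" rather than "list the versions of a policy", while the result is stored in `policyVersionListStr`. If the store method really returns the version list, a name such as `getPolicyVersionList` on the store interface would match; if not, this endpoint returns the wrong data. The ServiceStore declaration is not visible in this chunk, so this needs confirming there. A short comment on the call stating what the returned string contains would also help, e.g. `// comma-separated version numbers for policyId (confirm format)`.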
@@ -0,0 +1,409 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.rest; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.ranger.common.RESTErrorUtil; +import org.apache.ranger.plugin.model.RangerResource; +import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.model.RangerTagDef; +import org.apache.ranger.plugin.store.file.TagFileStore; +import org.apache.ranger.plugin.util.SearchFilter; +import org.owasp.html.TagBalancingHtmlStreamEventReceiver; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Scope; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.stereotype.Component; +import org.springframework.transaction.annotation.Propagation; +import org.springframework.transaction.annotation.Transactional; + +import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.*; +import java.util.ArrayList; +import java.util.List; + +@Path(TagRESTConstants.TAGDEF_NAME_AND_VERSION) + +@Component +@Scope("request") +@Transactional(propagation = Propagation.REQUIRES_NEW) +public class TagREST { 
+ + private static final Log LOG = LogFactory.getLog(TagREST.class); + + @Autowired + RESTErrorUtil restErrorUtil; + + /* + @Autowired + TagFileStore tagStore; + */ + + private TagFileStore tagStore = null; + public TagREST() { + tagStore = TagFileStore.getInstance(); + } + + @POST + @Path(TagRESTConstants.TAGS_RESOURCE) + @Produces({ "application/json", "application/xml" }) + //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + public RangerTagDef createTagDef(RangerTagDef tagDef) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.createTagDef(" + tagDef + ")"); + } + + RangerTagDef ret = null; + + try { + //RangerTagDefValidator validator = validatorFactory.getTagDefValidator(tagStore); + //validator.validate(tagDef, Action.CREATE); + ret = tagStore.createTagDef(tagDef); + } catch(Exception excp) { + LOG.error("createTagDef(" + tagDef + ") failed", excp); + + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.createTagDef(" + tagDef + "): " + ret); + } + + return ret; + } + + @PUT + @Path(TagRESTConstants.TAG_RESOURCE + "/{name}") + @Produces({ "application/json", "application/xml" }) + //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + + public RangerTagDef updateTagDef(@PathParam("name") String name, RangerTagDef tagDef) { + + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.updateTagDef(" + name + ")"); + } + if (tagDef.getName() == null) { + tagDef.setName(name); + } else if (!tagDef.getName().equals(name)) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "tag name mismatch", true); + } + + RangerTagDef ret = null; + + try { + ret = tagStore.updateTagDef(tagDef); + } catch (Exception excp) { + LOG.error("updateTagDef(" + name + ") failed", excp); + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.updateTagDef(" 
+ name + ")"); + } + + return ret; + } + + @DELETE + @Path(TagRESTConstants.TAG_RESOURCE + "/{name}") + @Produces({ "application/json", "application/xml" }) + //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + public void deleteTagDef(@PathParam("name") String name) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.deleteTagDef(" + name + ")"); + } + + try { + //RangerTagDefValidator validator = validatorFactory.getTagDefValidator(tagStore); + //validator.validate(guid, Action.DELETE); + tagStore.deleteTagDef(name); + } catch(Exception excp) { + LOG.error("deleteTagDef(" + name + ") failed", excp); + + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.deleteTagDef(" + name + ")"); + } + } + + @GET + @Path(TagRESTConstants.TAG_RESOURCE+"/{name}") + @Produces({ "application/json", "application/xml" }) + public RangerTagDef getTagDefByName(@PathParam("name") String name) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.getTagDefByName(" + name + ")"); + } + + RangerTagDef ret = null; + + try { + ret = tagStore.getTagDef(name); + } catch(Exception excp) { + LOG.error("getTagDefByName(" + name + ") failed", excp); + + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + + if(ret == null) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.getTagDefByName(" + name + "): " + ret); + } + + return ret; + } + + @GET + @Path(TagRESTConstants.TAGS_RESOURCE) + @Produces({ "application/json", "application/xml" }) + public List<RangerTagDef> getTagDefs() { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.getTagDefs()"); + } + + List<RangerTagDef> ret = null; + + try { + ret = tagStore.getTagDefs(new SearchFilter()); + } catch(Exception excp) { + LOG.error("getTagDefByName() failed", excp); + + 
throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + + if(ret == null) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.getTagDefs()"); + } + + return ret; + } + + @POST + @Path(TagRESTConstants.RESOURCES_RESOURCE) + @Produces({ "application/json", "application/xml" }) + //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + public RangerResource createResource(RangerResource resource) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.createResource(" + resource + ")"); + } + + RangerResource ret = null; + + try { + //RangerResourceValidator validator = validatorFactory.getResourceValidator(tagStore); + //validator.validate(resource, Action.CREATE); + ret = tagStore.createResource(resource); + } catch(Exception excp) { + LOG.error("createResource(" + resource + ") failed", excp); + + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.createResource(" + resource + "): " + ret); + } + + return ret; + } + + @PUT + @Path(TagRESTConstants.RESOURCE_RESOURCE + "/{id}") + @Produces({ "application/json", "application/xml" }) + //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + public RangerResource updateResource(@PathParam("id") Long id, RangerResource resource) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.updateResource(" + id + ")"); + } + + if (resource.getId() == null) { + resource.setId(id); + } else if (!resource.getId().equals(id)) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "resource id mismatch", true); + } + + RangerResource ret = null; + + try { + //RangerResourceValidator validator = validatorFactory.getResourceValidator(tagStore); + //validator.validate(resource, Action.UPDATE); + ret = tagStore.updateResource(resource); + } catch(Exception excp) { 
+ LOG.error("updateResource(" + ret + ") failed", excp); + + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.updateResource(" + resource + "): " + ret); + } + + return ret; + } + + @PUT + @Path(TagRESTConstants.RESOURCE_RESOURCE + "/{id}/" +TagRESTConstants.ACTION_SUB_RESOURCE) + @Produces({ "application/json", "application/xml" }) + //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + + public RangerResource updateResource(@PathParam("id") final Long id, @DefaultValue(TagRESTConstants.ACTION_ADD) @QueryParam(TagRESTConstants.ACTION_OP) String op, List<RangerResource.RangerResourceTag> resourceTagList) { + + RangerResource ret = null; + + if (op.equals(TagRESTConstants.ACTION_ADD) || + op.equals(TagRESTConstants.ACTION_REPLACE) || + op.equals(TagRESTConstants.ACTION_DELETE)) { + RangerResource oldResource = null; + try { + oldResource = tagStore.getResource(id); + } catch (Exception excp) { + LOG.error("getResource(" + id + ") failed", excp); + + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + List<RangerResource.RangerResourceTag> oldTagsAndValues = oldResource.getTagsAndValues(); + + if (op.equals(TagRESTConstants.ACTION_ADD)) { + oldTagsAndValues.addAll(resourceTagList); + oldResource.setTagsAndValues(oldTagsAndValues); + } else if (op.equals(TagRESTConstants.ACTION_REPLACE)) { + oldResource.setTagsAndValues(resourceTagList); + } else if (op.equals(TagRESTConstants.ACTION_DELETE)) { + oldTagsAndValues.removeAll(resourceTagList); + oldResource.setTagsAndValues(oldTagsAndValues); + } + + try { + //RangerResourceValidator validator = validatorFactory.getResourceValidator(tagStore); + //validator.validate(resource, Action.UPDATE); + ret = tagStore.updateResource(oldResource); + } catch (Exception excp) { + LOG.error("updateResource(" + ret + ") failed", excp); + + throw 
restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + } else { + LOG.error("updateResource(" + id + ") failed, invalid operation " + op); + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, "invalid update operation", true); + } + + return ret; + } + + @DELETE + @Path(TagRESTConstants.RESOURCE_RESOURCE + "/{id}") + @Produces({ "application/json", "application/xml" }) + //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + + public void deleteResource(@PathParam("id") Long id) { + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.deleteResource(" + id + ")"); + } + try { + //RangerResourceValidator validator = validatorFactory.getResourceValidator(tagStore); + //validator.validate(guid, Action.DELETE); + tagStore.deleteResource(id); + } catch (Exception excp) { + LOG.error("deleteResource(" + id + ") failed", excp); + + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.deleteResource(" + id + ")"); + } + + } + + @GET + @Path(TagRESTConstants.RESOURCE_RESOURCE + "/{id}") + @Produces({ "application/json", "application/xml" }) + public RangerResource getResource(@PathParam("id") Long id) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.getResource(" + id + ")"); + } + + RangerResource ret = null; + + try { + ret = tagStore.getResource(id); + } catch(Exception excp) { + LOG.error("getResource(" + id + ") failed", excp); + + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + + if(ret == null) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.getResource(" + id + "): " + ret); + } + + return ret; + } + + @GET + @Path(TagRESTConstants.RESOURCES_RESOURCE) + @Produces({ "application/json", "application/xml" }) + public 
List<RangerResource> getResources(@DefaultValue("") @QueryParam(TagRESTConstants.TAG_SERVICE_NAME_PARAM) String tagServiceName, + @DefaultValue("") @QueryParam(TagRESTConstants.SERVICE_TYPE_PARAM) String serviceType) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.getResources(" + tagServiceName + ", " + serviceType + ")"); + } + + List<RangerResource> ret = null; + + try { + ret = tagStore.getResources(tagServiceName, serviceType); + } catch(Exception excp) { + LOG.error("getResources(" + tagServiceName + ", " + serviceType + ") failed", excp); + + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + + if(ret == null) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true); + } + + List<RangerResource> toBeFilteredOut = new ArrayList<RangerResource>(); + + for (RangerResource rangerResource : ret) { + if (rangerResource.getTagsAndValues().isEmpty()) { + toBeFilteredOut.add(rangerResource); + } + } + ret.removeAll(toBeFilteredOut); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.getResources(" + tagServiceName + "): " + ret); + } + + return ret; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9578f94c/security-admin/src/main/java/org/apache/ranger/rest/TagRESTConstants.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagRESTConstants.java b/security-admin/src/main/java/org/apache/ranger/rest/TagRESTConstants.java new file mode 100644 index 0000000..95d1c1e --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/rest/TagRESTConstants.java 
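Review bot: Every mutating endpoint in the new TagREST class (createTagDef, updateTagDef, deleteTagDef, createResource, both updateResource overloads, deleteResource) has its `@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")` line commented out, so no role check is visible on writes to tag definitions and resource tags. Restore the annotation on those methods, or state in a class comment which layer enforces access, before this is reachable outside a development build. The validator calls are commented out as well, so request bodies reach `tagStore` unchecked. In the op-based updateResource, `oldResource.getTagsAndValues()` is called without checking that `tagStore.getResource(id)` returned non-null, whereas getResource maps null to 404; `if (oldResource == null) throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);` before that call would be consistent.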
@@ -0,0 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.rest; + +public class TagRESTConstants { + public static final String TAGDEF_NAME_AND_VERSION = "tag-def/v1"; + static final String TAGS_RESOURCE = "tags"; + static final String TAG_RESOURCE = "tag"; + static final String RESOURCES_RESOURCE = "resources"; + static final String RESOURCE_RESOURCE = "resource"; + static final String ACTION_SUB_RESOURCE = "update"; + static final String ACTION_OP = "op"; + static final String ACTION_ADD = "add"; + static final String ACTION_REPLACE = "replace"; + static final String ACTION_DELETE = "delete"; + + public static final String TAG_SERVICE_NAME_PARAM = "tagservicename"; + public static final String SERVICE_TYPE_PARAM = "servicetype"; + + + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9578f94c/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java index ecf0b16..f1a1034 100644 
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java @@ -20,10 +20,7 @@ package org.apache.ranger.service; import java.util.ArrayList; import java.util.List; -import org.apache.ranger.common.ContextUtil; -import org.apache.ranger.common.RangerConstants; -import org.apache.ranger.common.SearchField; -import org.apache.ranger.common.SortField; +import org.apache.ranger.common.*; import org.apache.ranger.common.SearchField.DATA_TYPE; import org.apache.ranger.common.SearchField.SEARCH_TYPE; import org.apache.ranger.entity.XXContextEnricherDef; 
@@ -164,17 +161,28 @@ public class RangerServiceDefService extends RangerServiceDefServiceBase<XXServi RangerServiceDefList retList = new RangerServiceDefList(); List<XXServiceDef> xSvcDefList = (List<XXServiceDef>) searchResources(searchFilter, searchFields, sortFields, retList); - List<String> userRoleList = ContextUtil.getCurrentUserSession().getUserRoleList(); - for (XXServiceDef xSvcDef : xSvcDefList) { - if(userRoleList != null && !userRoleList.contains(RangerConstants.ROLE_KEY_ADMIN)){ - if(xSvcDef!=null && !"KMS".equalsIgnoreCase(xSvcDef.getName())){ + UserSessionBase userSession = ContextUtil.getCurrentUserSession(); + + if (userSession == null) { + // Internal user + for (XXServiceDef xSvcDef : xSvcDefList) { + if (xSvcDef != null) { serviceDefList.add(populateViewBean(xSvcDef)); } } - else if(userRoleList != null && userRoleList.contains(RangerConstants.ROLE_KEY_ADMIN)){ - if(xSvcDef!=null && "KMS".equalsIgnoreCase(xSvcDef.getName())){ - serviceDefList.add(populateViewBean(xSvcDef)); - break; + } else { + List<String> userRoleList = userSession.getUserRoleList(); + for (XXServiceDef xSvcDef : xSvcDefList) { + if(userRoleList != null && !userRoleList.contains(RangerConstants.ROLE_KEY_ADMIN)){ + if(xSvcDef!=null && !"KMS".equalsIgnoreCase(xSvcDef.getName())){ + serviceDefList.add(populateViewBean(xSvcDef)); + } + } + else if(userRoleList != null && userRoleList.contains(RangerConstants.ROLE_KEY_ADMIN)){ + if(xSvcDef!=null && "KMS".equalsIgnoreCase(xSvcDef.getName())){ + serviceDefList.add(populateViewBean(xSvcDef)); + break; + } } } } @@ -183,5 +191,4 @@ public class RangerServiceDefService extends RangerServiceDefServiceBase<XXServi return retList; } - } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9578f94c/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java ---------------------------------------------------------------------- 
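Review bot: A null `ContextUtil.getCurrentUserSession()` is treated as a trusted internal caller, and in that branch every service definition, KMS included, is added without the role filter that the else branch applies. A missing session is also what an unauthenticated or mis-wired request path would look like, so this branch fails open; whether such a path exists cannot be seen from the hunk. Prefer an explicit signal for in-process callers (a separate method or a flag passed by the caller) and keep the filtered branch as the default. At minimum, replace `// Internal user` with a comment that states the assumption, e.g. `// userSession == null is expected only for in-process callers; REST entry points must have authenticated first`. The enclosing method starts outside the hunk.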
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java index 5b9cf15..16b9c21 100644 --- a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java +++ b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java @@ -85,6 +85,9 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef; +import org.apache.ranger.plugin.store.RangerPolicyPaginatedList; +import org.apache.ranger.plugin.store.RangerServiceDefPaginatedList; +import org.apache.ranger.plugin.store.RangerServicePaginatedList; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.plugin.util.ServicePolicies; import org.apache.ranger.security.context.RangerContextHolder; @@ -539,12 +542,9 @@ public class TestServiceDBStore { Mockito.when(serviceDefService.searchRangerServiceDefs(filter)) .thenReturn(serviceDefList); - RangerServiceDefList dbServiceDefList = serviceDBStore + RangerServiceDefPaginatedList dbServiceDefList = serviceDBStore .getPaginatedServiceDefs(filter); Assert.assertNotNull(dbServiceDefList); - Assert.assertEquals(dbServiceDefList, serviceDefList); - Assert.assertEquals(dbServiceDefList.getList(), - serviceDefList.getList()); Assert.assertEquals(dbServiceDefList.getServiceDefs(), serviceDefList.getServiceDefs()); Mockito.verify(serviceDefService).searchRangerServiceDefs(filter); 
@@ -1066,11 +1066,9 @@ public class TestServiceDBStore { Mockito.when(svcService.searchRangerServices(filter)).thenReturn( serviceListObj); - RangerServiceList dbServiceList = serviceDBStore + RangerServicePaginatedList dbServiceList = serviceDBStore .getPaginatedServices(filter); Assert.assertNotNull(dbServiceList); - Assert.assertEquals(dbServiceList, serviceListObj); - Assert.assertEquals(dbServiceList.getList(), serviceListObj.getList()); Assert.assertEquals(dbServiceList.getServices(), serviceListObj.getServices()); @@ -1703,7 +1701,7 @@ public class TestServiceDBStore { Mockito.when(policyService.searchRangerPolicies(filter)).thenReturn( policyListObj); - RangerPolicyList dbRangerPolicyList = serviceDBStore + RangerPolicyPaginatedList dbRangerPolicyList = serviceDBStore .getPaginatedPolicies(filter); Assert.assertNotNull(dbRangerPolicyList); Mockito.verify(policyService).searchRangerPolicies(filter); @@ -1787,7 +1785,7 @@ public class TestServiceDBStore { Mockito.when(policyService.searchRangerPolicies(filter)).thenReturn( policyList); - RangerPolicyList dbRangerPolicyList = serviceDBStore + RangerPolicyPaginatedList dbRangerPolicyList = serviceDBStore .getPaginatedServicePolicies(serviceName, filter); Assert.assertNotNull(dbRangerPolicyList); Mockito.verify(policyService).searchRangerPolicies(filter); 
@@ -1802,7 +1800,7 @@ public class TestServiceDBStore { RangerService rangerService = rangerService(); Mockito.when(svcService.read(rangerService.getId())).thenReturn( rangerService); - RangerPolicyList dbRangerPolicyList = serviceDBStore + RangerPolicyPaginatedList dbRangerPolicyList = serviceDBStore .getPaginatedServicePolicies(rangerService.getId(), filter); Assert.assertNull(dbRangerPolicyList); Mockito.verify(svcService).read(rangerService.getId()); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9578f94c/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java index c043389..5501d68 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java @@ -58,6 +58,8 @@ import org.apache.ranger.plugin.model.validation.RangerPolicyValidator; import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator; import org.apache.ranger.plugin.model.validation.RangerServiceValidator; import org.apache.ranger.plugin.service.ResourceLookupContext; +import org.apache.ranger.plugin.store.RangerPolicyPaginatedList; +import org.apache.ranger.plugin.store.RangerServicePaginatedList; import org.apache.ranger.plugin.util.GrantRevokeRequest; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.plugin.util.ServicePolicies; 
@@ -697,7 +699,7 @@ public class TestServiceREST { @Test public void test21countPolicies() throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - RangerPolicyList ret = Mockito.mock(RangerPolicyList.class); + RangerPolicyPaginatedList ret = Mockito.mock(RangerPolicyPaginatedList.class); SearchFilter filter = new SearchFilter(); filter.setParam(SearchFilter.POLICY_NAME, "policyName"); filter.setParam(SearchFilter.SERVICE_NAME, "serviceName"); @@ -723,7 +725,7 @@ public class TestServiceREST { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); RangerPolicy rangerPolicy = rangerPolicy(); - RangerPolicyList ret = Mockito.mock(RangerPolicyList.class); + RangerPolicyPaginatedList ret = Mockito.mock(RangerPolicyPaginatedList.class); SearchFilter filter = new SearchFilter(); filter.setParam(SearchFilter.POLICY_NAME, "policyName"); filter.setParam(SearchFilter.SERVICE_NAME, "serviceName"); @@ -748,7 +750,7 @@ public class TestServiceREST { public void test23getServicePoliciesByName() throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); RangerPolicy rangerPolicy = rangerPolicy(); - RangerPolicyList ret = Mockito.mock(RangerPolicyList.class); + RangerPolicyPaginatedList ret = Mockito.mock(RangerPolicyPaginatedList.class); SearchFilter filter = new SearchFilter(); filter.setParam(SearchFilter.POLICY_NAME, "policyName"); filter.setParam(SearchFilter.SERVICE_NAME, "serviceName"); @@ -858,7 +860,7 @@ public class TestServiceREST { @Test public void test34countServices() throws Exception { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - RangerServiceList ret = Mockito.mock(RangerServiceList.class); + RangerServicePaginatedList ret = Mockito.mock(RangerServicePaginatedList.class); SearchFilter filter = new SearchFilter(); filter.setParam(SearchFilter.POLICY_NAME, "policyName"); filter.setParam(SearchFilter.SERVICE_NAME, "serviceName"); 
@@ -868,7 +870,7 @@ public class TestServiceREST { Mockito.when( svcStore.getPaginatedServices(filter)) - .thenReturn(ret); + .thenReturn(ret); Long data = serviceREST.countServices(request); Assert.assertNotNull(data); Mockito.verify(searchUtil).getSearchFilter(request, policyService.sortFields);
