RANGER-274: tag-based-policies: policyVersion of a service should be updated when its associated tagService policyVersion is updated
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/02475901 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/02475901 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/02475901 Branch: refs/heads/tag-policy Commit: 0247590194798870a528fc32088a37b329d69fae Parents: 6568faa Author: Madhan Neethiraj <[email protected]> Authored: Thu May 21 19:00:49 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Fri May 22 17:05:37 2015 -0700 ---------------------------------------------------------------------- .../plugin/store/AbstractServiceStore.java | 201 ++++++++++++++----- .../plugin/store/ServicePredicateUtil.java | 77 +++++++ .../plugin/store/file/ServiceFileStore.java | 29 ++- .../org/apache/ranger/biz/ServiceDBStore.java | 62 +++++- .../java/org/apache/ranger/db/XXServiceDao.java | 12 ++ .../resources/META-INF/jpa_named_queries.xml | 4 + 6 files changed, 314 insertions(+), 71 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/02475901/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java index e30535a..2f75e38 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java @@ -19,6 +19,7 @@ package org.apache.ranger.plugin.store; +import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -29,8 +30,11 @@ import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.util.SearchFilter; import java.util.ArrayList; +import java.util.Collection; import java.util.Date; +import java.util.HashSet; import java.util.List; +import java.util.Objects; import java.util.UUID; public abstract class AbstractServiceStore implements ServiceStore { @@ -39,6 +43,7 @@ public abstract class AbstractServiceStore implements ServiceStore { private static final int MAX_ACCESS_TYPES_IN_SERVICE_DEF = 1000; + @Override public void updateTagServiceDefForAccessTypes() throws Exception { if (LOG.isDebugEnabled()) { @@ -46,9 +51,6 @@ public abstract class AbstractServiceStore implements ServiceStore { } List<RangerServiceDef> allServiceDefs = getServiceDefs(new SearchFilter()); for (RangerServiceDef serviceDef : allServiceDefs) { - if (StringUtils.isEmpty(serviceDef.getName()) || serviceDef.getName().equals(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) { - continue; - } updateTagServiceDefForUpdatingAccessTypes(serviceDef); } if (LOG.isDebugEnabled()) { @@ -203,7 +205,7 @@ public abstract class AbstractServiceStore implements ServiceStore { protected void postCreate(RangerBaseModelObject obj) throws Exception { if(obj instanceof RangerServiceDef) { - updateTagServiceDefForAddingAccessTypes((RangerServiceDef)obj); + updateTagServiceDefForUpdatingAccessTypes((RangerServiceDef)obj); } } @@ -234,7 +236,10 @@ public abstract class AbstractServiceStore implements ServiceStore { protected void postUpdate(RangerBaseModelObject obj) throws Exception { if(obj instanceof RangerServiceDef) { - updateTagServiceDefForUpdatingAccessTypes((RangerServiceDef) obj); + RangerServiceDef serviceDef = (RangerServiceDef)obj; + + updateTagServiceDefForUpdatingAccessTypes(serviceDef); + updateServicesForServiceDefUpdate(serviceDef); } } @@ -261,40 +266,58 @@ public abstract class AbstractServiceStore implements ServiceStore { return ret; } - private void updateTagServiceDefForAddingAccessTypes(RangerServiceDef serviceDef) throws Exception { - if (serviceDef.getName().equals(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) { - return; - } + // when a service-def is updated, the updated service-def should be made available to plugins + // this is achieved by incrementing policyVersion of all its services + protected void updateServicesForServiceDefUpdate(RangerServiceDef serviceDef) throws Exception { + boolean isTagServiceDef = StringUtils.equals(serviceDef.getName(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME); - RangerServiceDef tagServiceDef = null; - try { - tagServiceDef = this.getServiceDef(EmbeddedServiceDefsUtil.instance().getTagServiceDefId()); - } catch (Exception e) { - LOG.error("AbstractServiceStore.updateTagServiceDefForAddingAccessTypes -- Could not find TAG ServiceDef.. ", e); - throw e; - } - List<RangerServiceDef.RangerAccessTypeDef> accessTypes = new ArrayList<RangerServiceDef.RangerAccessTypeDef>(); + SearchFilter filter = new SearchFilter(); + + filter.setParam(SearchFilter.SERVICE_TYPE, serviceDef.getName()); + + List<RangerService> services = getServices(filter); - for (RangerServiceDef.RangerAccessTypeDef accessType : serviceDef.getAccessTypes()) { - RangerServiceDef.RangerAccessTypeDef newAccessType = new RangerServiceDef.RangerAccessTypeDef(accessType); + if(CollectionUtils.isNotEmpty(services)) { + for(RangerService service : services) { + service.setPolicyVersion(getNextVersion(service.getPolicyVersion())); + service.setPolicyUpdateTime(serviceDef.getUpdateTime()); - newAccessType.setItemId(serviceDef.getId()*(MAX_ACCESS_TYPES_IN_SERVICE_DEF + 1) + accessType.getItemId()); - newAccessType.setName(serviceDef.getName() + ":" + accessType.getName()); - accessTypes.add(newAccessType); + updateService(service); + + if(isTagServiceDef) { + filter = new SearchFilter(); + + filter.setParam(SearchFilter.TAG_SERVICE_NAME, service.getName()); + + List<RangerService> referrringServices = getServices(filter); + + if(CollectionUtils.isNotEmpty(referrringServices)) { + for(RangerService referringService : referrringServices) { + referringService.setPolicyVersion(getNextVersion(referringService.getPolicyVersion())); + referringService.setPolicyUpdateTime(serviceDef.getUpdateTime()); + + updateService(referringService); + } + } + } + } } + } - tagServiceDef.getAccessTypes().addAll(accessTypes); - try { - updateServiceDef(tagServiceDef); - LOG.info("AbstractServiceStore.updateTagServiceDefForAddingAccessTypes -- updated TAG service def with " + serviceDef.getName() + " access types"); - } catch (Exception e) { - LOG.error("AbstractServiceStore.updateTagServiceDefForAddingAccessTypes -- Failed to update TAG ServiceDef.. ", e); - throw e; + private RangerServiceDef.RangerAccessTypeDef findAccessTypeDef(long itemId, List<RangerServiceDef.RangerAccessTypeDef> accessTypeDefs) { + RangerServiceDef.RangerAccessTypeDef ret = null; + + for(RangerServiceDef.RangerAccessTypeDef accessTypeDef : accessTypeDefs) { + if(itemId == accessTypeDef.getItemId()) { + ret = accessTypeDef; + break; + } } + return ret; } private void updateTagServiceDefForUpdatingAccessTypes(RangerServiceDef serviceDef) throws Exception { - if (serviceDef.getName().equals(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) { + if (StringUtils.equals(serviceDef.getName(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) { return; } @@ -308,35 +331,106 @@ public abstract class AbstractServiceStore implements ServiceStore { throw e; } - List<RangerServiceDef.RangerAccessTypeDef> tagSvcDefAccessTypes = new ArrayList<RangerServiceDef.RangerAccessTypeDef>(); + List<RangerServiceDef.RangerAccessTypeDef> toAdd = new ArrayList<RangerServiceDef.RangerAccessTypeDef>(); + List<RangerServiceDef.RangerAccessTypeDef> toUpdate = new ArrayList<RangerServiceDef.RangerAccessTypeDef>(); + List<RangerServiceDef.RangerAccessTypeDef> toDelete = new ArrayList<RangerServiceDef.RangerAccessTypeDef>(); - for (RangerServiceDef.RangerAccessTypeDef accessType : tagServiceDef.getAccessTypes()) { - if (accessType.getName().startsWith(serviceDefName + ":")) { - RangerServiceDef.RangerAccessTypeDef tagSvcDefAccessType = new RangerServiceDef.RangerAccessTypeDef(accessType); - tagSvcDefAccessTypes.add(tagSvcDefAccessType); + List<RangerServiceDef.RangerAccessTypeDef> svcDefAccessTypes = serviceDef.getAccessTypes(); + List<RangerServiceDef.RangerAccessTypeDef> tagDefAccessTypes = tagServiceDef.getAccessTypes(); + + long itemIdOffset = serviceDef.getId() * (MAX_ACCESS_TYPES_IN_SERVICE_DEF + 1); + + for (RangerServiceDef.RangerAccessTypeDef svcAccessType : svcDefAccessTypes) { + long tagAccessTypeItemId = svcAccessType.getItemId() + itemIdOffset; + + RangerServiceDef.RangerAccessTypeDef tagAccessType = findAccessTypeDef(tagAccessTypeItemId, tagDefAccessTypes); + + if(tagAccessType == null) { + tagAccessType = new RangerServiceDef.RangerAccessTypeDef(); + + tagAccessType.setItemId(tagAccessTypeItemId); + tagAccessType.setName(serviceDefName + ":" + svcAccessType.getName()); + tagAccessType.setLabel(svcAccessType.getLabel()); + tagAccessType.setRbKeyLabel(svcAccessType.getRbKeyLabel()); + + tagAccessType.setImpliedGrants(new HashSet<String>()); + if(CollectionUtils.isNotEmpty(svcAccessType.getImpliedGrants())) { + for(String svcImpliedGrant : svcAccessType.getImpliedGrants()) { + tagAccessType.getImpliedGrants().add(serviceDefName + ":" + svcImpliedGrant); + } + } + + toAdd.add(tagAccessType); } } - List<RangerServiceDef.RangerAccessTypeDef> svcDefAccessTypes = new ArrayList<RangerServiceDef.RangerAccessTypeDef>(); + for (RangerServiceDef.RangerAccessTypeDef tagAccessType : tagDefAccessTypes) { + if (tagAccessType.getName().startsWith(serviceDefName + ":")) { + long svcAccessTypeItemId = tagAccessType.getItemId() - itemIdOffset; - for (RangerServiceDef.RangerAccessTypeDef accessType : serviceDef.getAccessTypes()) { - RangerServiceDef.RangerAccessTypeDef svcDefAccessType = new RangerServiceDef.RangerAccessTypeDef(accessType); - svcDefAccessType.setItemId(serviceDef.getId()*(MAX_ACCESS_TYPES_IN_SERVICE_DEF + 1) + accessType.getItemId()); - svcDefAccessType.setName(serviceDefName + ":" + accessType.getName()); - svcDefAccessTypes.add(svcDefAccessType); - } + RangerServiceDef.RangerAccessTypeDef svcAccessType = findAccessTypeDef(svcAccessTypeItemId, svcDefAccessTypes); - tagServiceDef.getAccessTypes().removeAll(tagSvcDefAccessTypes); - tagServiceDef.getAccessTypes().addAll(svcDefAccessTypes); + if(svcAccessType == null) { // accessType has been deleted in service + toDelete.add(tagAccessType); + continue; + } - try { - updateServiceDef(tagServiceDef); - LOG.info("AbstractServiceStore.updateTagServiceDefForUpdatingAccessTypes -- updated TAG service def with " + serviceDefName + " access types"); - } catch (Exception e) { - LOG.error("AbstractServiceStore.updateTagServiceDefForUpdatingAccessTypes -- Failed to update TAG ServiceDef.. ", e); - throw e; + boolean isUpdated = false; + + if(! Objects.equals(tagAccessType.getName().substring(serviceDefName.length() + 1), svcAccessType.getName())) { + isUpdated = true; + } else if(! Objects.equals(tagAccessType.getLabel(), svcAccessType.getLabel())) { + isUpdated = true; + } else if(! Objects.equals(tagAccessType.getRbKeyLabel(), svcAccessType.getRbKeyLabel())) { + isUpdated = true; + } else { + Collection<String> tagImpliedGrants = tagAccessType.getImpliedGrants(); + Collection<String> svcImpliedGrants = svcAccessType.getImpliedGrants(); + + int tagImpliedGrantsLen = tagImpliedGrants == null ? 0 : tagImpliedGrants.size(); + int svcImpliedGrantsLen = svcImpliedGrants == null ? 0 : svcImpliedGrants.size(); + + if(tagImpliedGrantsLen != svcImpliedGrantsLen) { + isUpdated = true; + } else if(tagImpliedGrantsLen > 0) { + for(String svcImpliedGrant : svcImpliedGrants) { + if(! tagImpliedGrants.contains(serviceDefName + ":" + svcImpliedGrant)) { + isUpdated = true; + break; + } + } + } + } + + if(isUpdated) { + tagAccessType.setName(serviceDefName + ":" + svcAccessType.getName()); + tagAccessType.setLabel(svcAccessType.getLabel()); + tagAccessType.setRbKeyLabel(svcAccessType.getRbKeyLabel()); + + tagAccessType.setImpliedGrants(new HashSet<String>()); + if(CollectionUtils.isNotEmpty(svcAccessType.getImpliedGrants())) { + for(String svcImpliedGrant : svcAccessType.getImpliedGrants()) { + tagAccessType.getImpliedGrants().add(serviceDefName + ":" + svcImpliedGrant); + } + } + + toUpdate.add(tagAccessType); + } + } } + if(CollectionUtils.isNotEmpty(toAdd) || CollectionUtils.isNotEmpty(toUpdate) || CollectionUtils.isNotEmpty(toDelete)) { + tagDefAccessTypes.addAll(toAdd); + tagDefAccessTypes.removeAll(toDelete); + + try { + updateServiceDef(tagServiceDef); + LOG.info("AbstractServiceStore.updateTagServiceDefForUpdatingAccessTypes -- updated TAG service def with " + serviceDefName + " access types"); + } catch (Exception e) { + LOG.error("AbstractServiceStore.updateTagServiceDefForUpdatingAccessTypes -- Failed to update TAG ServiceDef.. ", e); + throw e; + } + } } private void updateTagServiceDefForDeletingAccessTypes(String serviceDefName) throws Exception { @@ -355,8 +449,7 @@ public abstract class AbstractServiceStore implements ServiceStore { for (RangerServiceDef.RangerAccessTypeDef accessType : tagServiceDef.getAccessTypes()) { if (accessType.getName().startsWith(serviceDefName + ":")) { - RangerServiceDef.RangerAccessTypeDef newAccessType = new RangerServiceDef.RangerAccessTypeDef(accessType); - accessTypes.add(newAccessType); + accessTypes.add(accessType); } } @@ -369,4 +462,8 @@ public abstract class AbstractServiceStore implements ServiceStore { throw e; } } + + protected long getNextVersion(Long currentVersion) { + return currentVersion == null ? 1L : currentVersion.longValue() + 1; + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/02475901/agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java index 69560e2..d919697 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/ServicePredicateUtil.java @@ -42,6 +42,8 @@ public class ServicePredicateUtil extends AbstractPredicateUtil { addPredicateForServiceType(filter.getParam(SearchFilter.SERVICE_TYPE), predicates); addPredicateForServiceId(filter.getParam(SearchFilter.SERVICE_ID), predicates); + addPredicateForTagSeviceName(filter.getParam(SearchFilter.TAG_SERVICE_NAME), predicates); + addPredicateForTagSeviceId(filter.getParam(SearchFilter.TAG_SERVICE_ID), predicates); } private String getServiceType(String serviceName) { @@ -153,4 +155,79 @@ public class ServicePredicateUtil extends AbstractPredicateUtil { return ret; } + + private Predicate addPredicateForTagSeviceName(final String tagServiceName, List<Predicate> predicates) { + if(StringUtils.isEmpty(tagServiceName)) { + return null; + } + + Predicate ret = new Predicate() { + @Override + public boolean evaluate(Object object) { + if(object == null) { + return false; + } + + boolean ret = false; + + if(object instanceof RangerService) { + RangerService service = (RangerService)object; + + ret = StringUtils.equals(tagServiceName, service.getTagService()); + } else { + ret = true; + } + + return ret; + } + }; + + if(predicates != null) { + predicates.add(ret); + } + + return ret; + } + + private Predicate addPredicateForTagSeviceId(final String tagServiceId, List<Predicate> predicates) { + if(StringUtils.isEmpty(tagServiceId)) { + return null; + } + + Predicate ret = new Predicate() { + @Override + public boolean evaluate(Object object) { + if(object == null) { + return false; + } + + boolean ret = false; + + if(object instanceof RangerService) { + RangerService service = (RangerService)object; + + if(! StringUtils.isEmpty(service.getTagService())) { + RangerService tagService = null; + + try { + tagService = serviceStore.getServiceByName(service.getTagService()); + } catch(Exception excp) { + } + + ret = tagService != null && tagService.getId() != null && StringUtils.equals(tagServiceId, tagService.getId().toString()); + } + } else { + ret = true; + } + + return ret; + } + }; + + if(predicates != null) { + predicates.add(ret); + } + + return ret; + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/02475901/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java index 8a34c80..23dd0c0 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java @@ -39,7 +39,6 @@ import org.apache.ranger.plugin.model.RangerServiceDef; import org.apache.ranger.plugin.store.AbstractServiceStore; import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; import org.apache.ranger.plugin.store.ServicePredicateUtil; -import org.apache.ranger.plugin.store.ServiceStore; import org.apache.ranger.plugin.store.file.FileStoreUtil; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.plugin.util.ServicePolicies; @@ -809,19 +808,29 @@ public class ServiceFileStore extends AbstractServiceStore { if(service == null) { return; } - - Long policyVersion = service.getPolicyVersion(); - if(policyVersion == null) { - policyVersion = new Long(1); - } else { - policyVersion = new Long(policyVersion.longValue() + 1); - } - - service.setPolicyVersion(policyVersion); + service.setPolicyVersion(getNextVersion(service.getPolicyVersion())); service.setPolicyUpdateTime(new Date()); fileStoreUtil.saveToFile(service, FILE_PREFIX_SERVICE, true); + + boolean isTagServiceDef = StringUtils.equals(service.getType(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME); + + if(isTagServiceDef) { + SearchFilter filter = new SearchFilter(); + filter.setParam(SearchFilter.TAG_SERVICE_NAME, service.getName()); + + List<RangerService> referringServices = getServices(filter); + + if(CollectionUtils.isNotEmpty(referringServices)) { + for(RangerService referringService : referringServices) { + referringService.setPolicyVersion(getNextVersion(referringService.getPolicyVersion())); + referringService.setPolicyUpdateTime(service.getPolicyUpdateTime()); + + fileStoreUtil.saveToFile(referringService, FILE_PREFIX_SERVICE, true); + } + } + } } private RangerPolicy findPolicyByName(String serviceName, String policyName) throws Exception { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/02475901/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index 5628a32..0623518 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -29,6 +29,7 @@ import java.util.Map.Entry; import javax.annotation.PostConstruct; +import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -1798,21 +1799,29 @@ public class ServiceDBStore extends AbstractServiceStore { return; } - Long policyVersion = service.getPolicyVersion(); - - if(policyVersion == null) { - policyVersion = new Long(1); - } else { - policyVersion = new Long(policyVersion.longValue() + 1); - } - - service.setPolicyVersion(policyVersion); + service.setPolicyVersion(getNextVersion(service.getPolicyVersion())); service.setPolicyUpdateTime(new Date()); serviceDbObj.setPolicyVersion(service.getPolicyVersion()); serviceDbObj.setPolicyUpdateTime(service.getPolicyUpdateTime()); serviceDao.update(serviceDbObj); + + // if this is a tag service, update all services that refer to this tag service + // so that next policy-download from plugins will get updated tag policies + boolean isTagService = serviceDbObj.getType() == EmbeddedServiceDefsUtil.instance().getTagServiceDefId(); + if(isTagService) { + List<XXService> referringServices = serviceDao.findByTagServiceId(serviceDbObj.getId()); + + if(CollectionUtils.isNotEmpty(referringServices)) { + for(XXService referringService : referringServices) { + referringService.setPolicyVersion(getNextVersion(referringService.getPolicyVersion())); + referringService.setPolicyUpdateTime(service.getPolicyUpdateTime()); + + serviceDao.update(referringService); + } + } + } } private void createNewPolicyItemsForPolicy(RangerPolicy policy, XXPolicy xPolicy, List<RangerPolicyItem> policyItems, XXServiceDef xServiceDef) { @@ -2066,4 +2075,39 @@ public class ServiceDBStore extends AbstractServiceStore { } } + // when a service-def is updated, the updated service-def should be made available to plugins + // this is achieved by incrementing policyVersion of all services of this service-def + protected void updateServicesForServiceDefUpdate(RangerServiceDef serviceDef) throws Exception { + if(serviceDef == null) { + return; + } + + boolean isTagServiceDef = StringUtils.equals(serviceDef.getName(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME); + + XXServiceDao serviceDao = daoMgr.getXXService(); + + List<XXService> services = serviceDao.findByServiceDefId(serviceDef.getId()); + + if(CollectionUtils.isNotEmpty(services)) { + for(XXService service : services) { + service.setPolicyVersion(getNextVersion(service.getPolicyVersion())); + service.setPolicyUpdateTime(serviceDef.getUpdateTime()); + + serviceDao.update(service); + + if(isTagServiceDef) { + List<XXService> referrringServices = serviceDao.findByTagServiceId(service.getId()); + + if(CollectionUtils.isNotEmpty(referrringServices)) { + for(XXService referringService : referrringServices) { + referringService.setPolicyVersion(getNextVersion(referringService.getPolicyVersion())); + referringService.setPolicyUpdateTime(serviceDef.getUpdateTime()); + + serviceDao.update(referringService); + } + } + } + } + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/02475901/security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java index 4f35ad3..5a38aaa 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXServiceDao.java @@ -69,4 +69,16 @@ public class XXServiceDao extends BaseDao<XXService> { } } + public List<XXService> findByTagServiceId(Long tagServiceId) { + if (tagServiceId == null) { + return new ArrayList<XXService>(); + } + try { + return getEntityManager().createNamedQuery("XXService.findByTagServiceId", tClass) + .setParameter("tagServiceId", tagServiceId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXService>(); + } + } + } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/02475901/security-admin/src/main/resources/META-INF/jpa_named_queries.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml index 054a0bd..f844653 100644 --- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml +++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml @@ -352,6 +352,10 @@ <query>select obj from XXService obj where obj.type = :serviceDefId</query> </named-query> + <named-query name="XXService.findByTagServiceId"> + <query>select obj from XXService obj where obj.tagService = :tagServiceId</query> + </named-query> + <!-- XXPolicyResource --> <named-query name="XXPolicyResource.findByResDefIdAndPolicyId"> <query>select obj from XXPolicyResource obj where
