http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/83cb21e0/agents-common/src/test/resources/admin/service-defs/test-hive-servicedef.json ---------------------------------------------------------------------- diff --git a/agents-common/src/test/resources/admin/service-defs/test-hive-servicedef.json b/agents-common/src/test/resources/admin/service-defs/test-hive-servicedef.json new file mode 100644 index 0000000..53b1926 --- /dev/null +++ b/agents-common/src/test/resources/admin/service-defs/test-hive-servicedef.json @@ -0,0 +1,226 @@ +{ + "id":3, + "name": "hive", + "implClass": "org.apache.ranger.services.hive.RangerServiceHive", + "label": "Hive Server2", + "description": "Hive Server2", + "guid": "3e1afb5a-184a-4e82-9d9c-87a5cacc243c", + "resources": + [ + { + "itemId": 1, + "name": "database", + "type": "string", + "level": 10, + "parent": "", + "mandatory": true, + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { "wildCard":true, "ignoreCase":true }, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "Hive Database", + "description": "Hive Database" + }, + + { + "itemId": 2, + "name": "table", + "type": "string", + "level": 20, + "parent": "database", + "mandatory": true, + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { "wildCard":true, "ignoreCase":true }, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "Hive Table", + "description": "Hive Table" + }, + + { + "itemId": 3, + "name": "udf", + "type": "string", + "level": 20, + "parent": "database", + "mandatory": true, + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { "wildCard":true, "ignoreCase":true }, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "Hive UDF", + "description": "Hive UDF" + }, + + { + "itemId": 4, + "name": "column", + "type": "string", + "level": 30, + "parent": "table", + "mandatory": true, + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { "wildCard":true, "ignoreCase":true }, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "Hive Column", + "description": "Hive Column" + } + ], + + "accessTypes": + [ + { + "itemId": 1, + "name": "select", + "label": "select" + }, + + { + "itemId": 2, + "name": "update", + "label": "update" + }, + + { + "itemId": 3, + "name": "create", + "label": "Create" + }, + + { + "itemId": 4, + "name": "drop", + "label": "Drop" + }, + + { + "itemId": 5, + "name": "alter", + "label": "Alter" + }, + + { + "itemId": 6, + "name": "index", + "label": "Index" + }, + + { + "itemId": 7, + "name": "lock", + "label": "Lock" + }, + + { + "itemId": 8, + "name": "all", + "label": "All", + "impliedGrants": + [ + "select", + "update", + "create", + "drop", + "alter", + "index", + "lock" + ] + } + ], + + "configs": + [ + { + "itemId": 1, + "name": "username", + "type": "string", + "mandatory": true, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "Username" + }, + + { + "itemId": 2, + "name": "password", + "type": "password", + "mandatory": true, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "Password" + }, + + { + "itemId": 3, + "name": "jdbc.driverClassName", + "type": "string", + "mandatory": true, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "defaultValue": "org.apache.hive.jdbc.HiveDriver" + }, + + { + "itemId": 4, + "name": "jdbc.url", + "type": "string", + "mandatory": true, + "defaultValue": "", + "validationRegEx":"", + "validationMessage": "", + "uiHint":"" + }, + + { + "itemId": 5, + "name": "commonNameForCertificate", + "type": "string", + "mandatory": false, + "validationRegEx":"", + "validationMessage": "", + "uiHint":"", + "label": "Common Name for Certificate" + } + ], + + "enums": + [ + + ], + + "contextEnrichers": + [ + ], + + "policyConditions": + [ + { + "itemId":1, + "name":"not-accessed-together", + "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerHiveResourcesNotAccessedTogetherCondition", + "evaluatorOptions" : {}, + "label":"Not Accessed Together?", + "description": "List of Hive resources" + } + ] +}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/83cb21e0/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json ---------------------------------------------------------------------- diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json index 9e59cb0..86332e3 100644 --- a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json +++ b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hdfs.json @@ -105,7 +105,7 @@ "itemId": 1, "name" : "TagEnricher", "enricher" : "org.apache.ranger.plugin.contextenricher.RangerTagProvider", - "enricherOptions" : {"tagProviderType":"FILESTORE_BASED_TAG_PROVIDER", "pollingInterval":-1, "useTestTagProvider":"false", "dataFile":"/etc/ranger/data/resourceTags.txt"} + "enricherOptions" : {"tagProviderType":"FILESTORE_BASED_TAG_PROVIDER", "pollingInterval":-1, "dataFile":"/etc/ranger/data/resourceTags.txt"} } ], "policyConditions": [ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/83cb21e0/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json ---------------------------------------------------------------------- diff --git a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json index 7898223..f7fab3d 100644 --- a/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json +++ b/agents-common/src/test/resources/policyengine/test_policyengine_tag_hive.json @@ -130,7 +130,7 @@ "itemId": 1, "name" : "TagEnricher", "enricher" : "org.apache.ranger.plugin.contextenricher.RangerTagProvider", - "enricherOptions" : {"tagProviderType":"FILESTORE_BASED_TAG_PROVIDER", "pollingInterval":-1, "useTestTagProvider":"true", "dataFile":"/etc/ranger/data/resourceTags.txt"} + "enricherOptions" : {"tagProviderType":"FILESTORE_BASED_TAG_PROVIDER", "pollingInterval":-1, "dataFile":"/etc/ranger/data/resourceTags.txt"} } ], "policyConditions": [ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/83cb21e0/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java ---------------------------------------------------------------------- diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java index 852b98d..22c2a30 100644 --- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java +++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java @@ -19,12 +19,7 @@ package org.apache.ranger.authorization.hive.authorizer; -import java.util.ArrayList; -import java.util.Collection; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Map; +import java.util.*; import org.apache.commons.lang.StringUtils; import org.apache.ranger.audit.model.AuthzAuditEvent; @@ -97,7 +92,10 @@ public class RangerHiveAuditHandler extends RangerDefaultAuditHandler { RangerHiveResource resource = (RangerHiveResource)request.getResource(); String resourcePath = auditEvent.getResourcePath() + "," + resource.getColumn(); auditEvent.setResourcePath(resourcePath); - auditEvent.getTags().addAll(getTags(request)); + Set<String> tags = getTags(request); + if (tags != null) { + auditEvent.getTags().addAll(tags); + } } else { // new event as this approval was due to a different policy. AuthzAuditEvent auditEvent = createAuditEvent(result); auditEvents.put(policyId, auditEvent); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/83cb21e0/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java ---------------------------------------------------------------------- diff --git a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java index b3ddcdc..b49fb3a 100644 --- a/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java +++ b/knox-agent/src/main/java/org/apache/ranger/admin/client/RangerAdminJersey2RESTClient.java @@ -34,8 +34,7 @@ import javax.ws.rs.core.Response; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.security.AccessControlException; -import org.apache.ranger.plugin.model.RangerTaggedResource; -import org.apache.ranger.plugin.model.RangerTaggedResourceKey; +import org.apache.ranger.plugin.model.RangerTag; import org.apache.ranger.plugin.util.*; import com.google.gson.Gson; @@ -204,8 +203,8 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient { } @Override - public TagServiceResources getTaggedResources(Long lastTimestamp) throws Exception { - throw new Exception("RangerAdminjersey2RESTClient.getTaggedResource() -- *** NOT IMPLEMENTED *** "); + public ServiceTags getServiceTagsIfUpdated(long lastKnownVersion) throws Exception { + throw new Exception("RangerAdminjersey2RESTClient.getServiceTagsIfUpdated() -- *** NOT IMPLEMENTED *** "); } @Override @@ -223,22 +222,6 @@ public class RangerAdminJersey2RESTClient implements RangerAdminClient { } - @Override - public List<RangerTaggedResource> setTagsForResources(List<RangerTaggedResourceKey> keys, List<RangerTaggedResource.RangerResourceTag> tags) throws Exception { - throw new Exception("RangerAdminjersey2RESTClient.setTagsForResources() -- *** NOT IMPLEMENTED *** "); - } - - @Override - public RangerTaggedResource setTagsForResource(RangerTaggedResourceKey key, List<RangerTaggedResource.RangerResourceTag> tags) throws Exception { - throw new Exception("RangerAdminjersey2RESTClient.setTagsForResource() -- *** NOT IMPLEMENTED *** "); - } - - @Override - public RangerTaggedResource updateTagsForResource(RangerTaggedResourceKey key, List<RangerTaggedResource.RangerResourceTag> tagsToAdd, - List<RangerTaggedResource.RangerResourceTag> tagsToDelete) throws Exception { - throw new Exception("RangerAdminjersey2RESTClient.updateTagsForResource() -- *** NOT IMPLEMENTED *** "); - } - // package level methods left so (and not private only for testability!) Not intended for use outside this class!! Gson getGson() { return new GsonBuilder() http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/83cb21e0/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java index 922c86c..f50687a 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java @@ -48,22 +48,20 @@ import org.apache.ranger.entity.XXTagResourceMap; import org.apache.ranger.entity.XXTaggedResource; import org.apache.ranger.entity.XXTaggedResourceValue; import org.apache.ranger.entity.XXTaggedResourceValueMap; -import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.*; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; -import org.apache.ranger.plugin.model.RangerServiceDef; -import org.apache.ranger.plugin.model.RangerTagDef; -import org.apache.ranger.plugin.model.RangerTaggedResource; import org.apache.ranger.plugin.model.RangerTagDef.RangerTagAttributeDef; -import org.apache.ranger.plugin.model.RangerTaggedResource.RangerResourceTag; -import org.apache.ranger.plugin.model.RangerTaggedResourceKey; +import org.apache.ranger.plugin.model.RangerTag; import org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher; +import org.apache.ranger.plugin.store.AbstractTagStore; import org.apache.ranger.plugin.store.PList; import org.apache.ranger.plugin.store.ServiceStore; import org.apache.ranger.plugin.store.TagStore; import org.apache.ranger.plugin.util.SearchFilter; -import org.apache.ranger.plugin.util.TagServiceResources; +import org.apache.ranger.plugin.util.ServiceTags; import org.apache.ranger.service.RangerAuditFields; import org.apache.ranger.service.RangerTagDefService; +import org.apache.ranger.service.RangerTagService; import org.apache.ranger.service.RangerTaggedResourceService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -76,6 +74,9 @@ public class TagDBStore implements TagStore { RangerTagDefService rangerTagDefService; @Autowired + RangerTagService rangerTagService; + + @Autowired RangerTaggedResourceService rangerTaggedResourceService; @Autowired @@ -269,115 +270,42 @@ public class TagDBStore implements TagStore { return rangerTagDefService.searchRangerTagDefs(filter); } - @Override - public RangerTaggedResource createTaggedResource(RangerTaggedResource resource, boolean createOrUpdate) throws Exception { - if (LOG.isDebugEnabled()) { - LOG.debug("==> TagDBStore.createTaggedResource(" + resource + ")"); - } + /* + private XXTag createTagAttributes(RangerTag tag) { + XXTag xTag = new XXTag(); - RangerTaggedResource ret = null; - RangerTaggedResource existing = null; - boolean updateResource = false; + xTag.setExternalId(tag.getExternalId()); + xTag.setName(tag.getName()); + xTag.setGuid(guidUtil.genGUID()); + xTag = (XXTag) rangerAuditFields.populateAuditFieldsForCreate(xTag); - existing = getResource(resource.getKey()); + xTag = daoManager.getXXTag().create(xTag); - if (existing != null) { - if (!createOrUpdate) { - throw errorUtil.createRESTException("resource(s) with same specification already exists", MessageEnums.ERROR_DUPLICATE_OBJECT); - } else { - updateResource = true; - } - } + for (Entry<String, String> attr : tag.getAttributeValues().entrySet()) { + XXTagAttribute xTagAttr = new XXTagAttribute(); - if (!updateResource) { - if (resource.getId() != null) { - existing = getResource(resource.getId()); - } + xTagAttr.setTagId(xTag.getId()); + xTagAttr.setName(attr.getKey()); + xTagAttr.setValue(attr.getValue()); + xTagAttr.setGuid(guidUtil.genGUID()); + xTagAttr = (XXTagAttribute) rangerAuditFields.populateAuditFieldsForCreate(xTagAttr); - if (existing != null) { - if (!createOrUpdate) { - throw errorUtil.createRESTException(resource.getId() + ": resource already exists (id=" + existing.getId() + ")", MessageEnums.ERROR_DUPLICATE_OBJECT); - } else { - updateResource = true; - } - } + xTagAttr = daoManager.getXXTagAttribute().create(xTagAttr); } - try { - if (updateResource) { - ret = updateTaggedResource(resource); - } else { - ret = rangerTaggedResourceService.create(resource); - - ret.setKey(resource.getKey()); - ret.setTags(resource.getTags()); - RangerTaggedResourceKey resKey = createResourceSpecForTaggedResource(ret); - List<RangerResourceTag> tags = createTagsForTaggedResource(ret); - - if (resKey == null || tags == null) { - throw errorUtil.createRESTException("failed to save resource '" + resource.getId() + "'", MessageEnums.ERROR_CREATING_OBJECT); - } - } - } catch (Exception excp) { - LOG.warn("TagDBStore.createTaggedResource: failed to save resource '" + resource.getId() + "'", excp); - throw errorUtil.createRESTException("failed to save resource '" + resource.getId() + "'", MessageEnums.ERROR_CREATING_OBJECT); - } - - if (LOG.isDebugEnabled()) { - LOG.debug("<== TagDBStore.createTaggedResource(" + resource + ")"); - } - return ret; + return xTag; } - private List<RangerResourceTag> createTagsForTaggedResource(RangerTaggedResource resource) { - - List<RangerResourceTag> tags = resource.getTags(); - - if (tags == null) { - return null; - } - - for (RangerResourceTag tag : tags) { - XXTag xTag = new XXTag(); - - xTag.setExternalId(tag.getExternalId()); - xTag.setName(tag.getName()); - xTag.setGuid(guidUtil.genGUID()); - xTag = (XXTag) rangerAuditFields.populateAuditFieldsForCreate(xTag); - - xTag = daoManager.getXXTag().create(xTag); - - for (Entry<String, String> attr : tag.getAttributeValues().entrySet()) { - XXTagAttribute xTagAttr = new XXTagAttribute(); - - xTagAttr.setTagId(xTag.getId()); - xTagAttr.setName(attr.getKey()); - xTagAttr.setValue(attr.getValue()); - xTagAttr.setGuid(guidUtil.genGUID()); - xTagAttr = (XXTagAttribute) rangerAuditFields.populateAuditFieldsForCreate(xTagAttr); - - xTagAttr = daoManager.getXXTagAttribute().create(xTagAttr); - } - - XXTagResourceMap tagResMap = new XXTagResourceMap(); - tagResMap.setTaggedResId(resource.getId()); - tagResMap.setTagId(xTag.getId()); - tagResMap.setGuid(guidUtil.genGUID()); - tagResMap = (XXTagResourceMap) rangerAuditFields.populateAuditFieldsForCreate(tagResMap); - - tagResMap = daoManager.getXXTagResourceMap().create(tagResMap); + private void deleteTagAttributes(Long tagId) { + List<XXTagAttribute> tagAttrList = daoManager.getXXTagAttribute().findByTagId(tagId); + for (XXTagAttribute tagAttr : tagAttrList) { + daoManager.getXXTagAttribute().remove(tagAttr); } - - return tags; } - private RangerTaggedResourceKey createResourceSpecForTaggedResource(RangerTaggedResource resource) { - - if (resource.getKey() == null) { - return null; - } + private void createResourceSpecForResource(RangerServiceResource resource) { - String serviceName = resource.getKey().getServiceName(); + String serviceName = resource.getServiceName(); XXService xService = daoManager.getXXService().findByName(serviceName); if (xService == null) { @@ -389,14 +317,13 @@ public class TagDBStore implements TagStore { throw errorUtil.createRESTException("No Service-Def found with ID: " + xService.getType(), MessageEnums.ERROR_CREATING_OBJECT); } - RangerTaggedResourceKey resKey = resource.getKey(); - Map<String, RangerPolicy.RangerPolicyResource> resourceSpec = resKey.getResourceSpec(); + Map<String, RangerPolicy.RangerPolicyResource> resourceSpec = resource.getResourceSpec(); for (Entry<String, RangerPolicyResource> resSpec : resourceSpec.entrySet()) { XXResourceDef xResDef = daoManager.getXXResourceDef().findByNameAndServiceDefId(resSpec.getKey(), xServiceDef.getId()); if (xResDef == null) { - LOG.error("TagDBStore.createTaggedResource: ResourceType is not valid [" + resSpec.getKey() + "]"); + LOG.error("TagDBStore.createResource: ResourceType is not valid [" + resSpec.getKey() + "]"); throw errorUtil.createRESTException("Resource Type is not valid [" + resSpec.getKey() + "]", MessageEnums.DATA_NOT_FOUND); } @@ -426,253 +353,407 @@ public class TagDBStore implements TagStore { sortOrder++; } } - return resKey; } + private void deleteResourceValue(Long resourceId) { + List<XXTaggedResourceValue> taggedResValueList = daoManager.getXXTaggedResourceValue().findByTaggedResId(resourceId); + for (XXTaggedResourceValue taggedResValue : taggedResValueList) { + List<XXTaggedResourceValueMap> taggedResValueMapList = daoManager.getXXTaggedResourceValueMap().findByResValueId(taggedResValue.getId()); + for (XXTaggedResourceValueMap taggedResValueMap : taggedResValueMapList) { + daoManager.getXXTaggedResourceValueMap().remove(taggedResValueMap); + } + daoManager.getXXTaggedResourceValue().remove(taggedResValue); + } + } + + private void updateResourceSpecForResource(RangerServiceResource updResource) { + + if (updResource != null) { + deleteResourceValue(updResource.getId()); + } + + createResourceSpecForResource(updResource); + } + */ + @Override - public RangerTaggedResource updateTaggedResource(RangerTaggedResource resource) throws Exception { + public RangerTag createTag(RangerTag tag) throws Exception + { + throw new Exception("Not implemented"); - RangerTaggedResource existing = getResource(resource.getId()); - if (existing == null) { - throw errorUtil.createRESTException(resource.getId() + ": resource does not exist (id=" + resource.getId() + ")", MessageEnums.DATA_NOT_FOUND); + /* + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagDBStore.createTag(" + tag + ")"); } - RangerTaggedResource ret = null; + throw new Exception("Not implemented"); + + + + RangerTag ret = null; - try { - if (StringUtils.isEmpty(resource.getCreatedBy())) { - resource.setCreatedBy(existing.getCreatedBy()); - } - if (resource.getCreateTime() == null) { - resource.setCreateTime(existing.getCreateTime()); - } - if (StringUtils.isEmpty(resource.getGuid())) { - resource.setGuid(existing.getGuid()); - } - ret = rangerTaggedResourceService.update(resource); - ret.setTags(resource.getTags()); - ret.setKey(resource.getKey()); + try { - RangerTaggedResourceKey updKey = updateResourceSpecForTaggedResource(ret); - List<RangerResourceTag> updTags = updateTagsForTaggedResource(ret); + ret = rangerTagService.getPopulatedViewObject(createTagAttributes(tag)); - ret.setKey(updKey); - ret.setTags(updTags); + } catch (Exception e) { + throw errorUtil.createRESTException("failed to save tag [" + tag.getName() + "]", MessageEnums.ERROR_CREATING_OBJECT); + } - } catch (Exception excp) { - LOG.warn("TagDBStore.updateTagDef(): failed to save resource '" + resource.getId() + "'", excp); - throw new Exception("failed to save resource '" + resource.getId() + "'", excp); + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagDBStore.createTag(" + tag + ")"); } return ret; + */ } - private RangerTaggedResourceKey updateResourceSpecForTaggedResource(RangerTaggedResource updResource) { + @Override + public RangerTag updateTag(RangerTag tag) throws Exception + { - if (updResource == null) { - return null; + throw new Exception("Not implemented"); + + /* + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagDBStore.updateTag(" + tag + ")"); } - deleteTaggedResourceValue(updResource.getId()); + throw new Exception("Not implemented"); - return createResourceSpecForTaggedResource(updResource); - } + RangerTag ret = null; - private List<RangerResourceTag> updateTagsForTaggedResource(RangerTaggedResource updResource) { - if (updResource == null) { - return null; + RangerTag existing = rangerTagService.read(tag.getId()); + + if (existing == null) { + throw errorUtil.createRESTException("failed to update tag [" + tag.getName() + "], Reason: No Tag found with id: [" + tag.getId() + "]", + MessageEnums.DATA_NOT_UPDATABLE); } - deleteTagsForTaggedResource(updResource.getId()); + if (StringUtils.isEmpty(tag.getCreatedBy())) { + tag.setCreatedBy(existing.getCreatedBy()); + } + if (tag.getCreateTime() == null) { + tag.setCreateTime(existing.getCreateTime()); + } + if (StringUtils.isEmpty(tag.getGuid())) { + tag.setGuid(existing.getGuid()); + } - return createTagsForTaggedResource(updResource); - } + deleteTagAttributes(existing.getId()); - private void deleteTaggedResourceValue(Long resourceId) { - List<XXTaggedResourceValue> taggedResValueList = daoManager.getXXTaggedResourceValue().findByTaggedResId(resourceId); - for (XXTaggedResourceValue taggedResValue : taggedResValueList) { - List<XXTaggedResourceValueMap> taggedResValueMapList = daoManager.getXXTaggedResourceValueMap().findByResValueId(taggedResValue.getId()); - for (XXTaggedResourceValueMap taggedResValueMap : taggedResValueMapList) { - daoManager.getXXTaggedResourceValueMap().remove(taggedResValueMap); - } - daoManager.getXXTaggedResourceValue().remove(taggedResValue); + createTagAttributes(tag); + + ret = rangerTagService.update(tag); + + ret = rangerTagService.read(ret.getId()); + + + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagDBStore.updateTag(" + tag + ") : " + ret); } + + return ret; + */ } - private void deleteTagsForTaggedResource(Long resourceId) { - List<XXTagResourceMap> oldTagResMapList = daoManager.getXXTagResourceMap().findByTaggedResourceId(resourceId); - for (XXTagResourceMap oldTagResMap : oldTagResMapList) { - daoManager.getXXTagResourceMap().remove(oldTagResMap); + @Override + public void deleteTagById(Long id) throws Exception { - List<XXTagAttribute> tagAttrList = daoManager.getXXTagAttribute().findByTagId(oldTagResMap.getTagId()); - for (XXTagAttribute tagAttr : tagAttrList) { - daoManager.getXXTagAttribute().remove(tagAttr); - } - daoManager.getXXTag().remove(oldTagResMap.getTagId()); + throw new Exception("Not implemented"); + + /* + RangerTag tag = rangerTagService.read(id); + deleteTagAttributes(id); + rangerTagService.delete(tag); + */ + } + + @Override + public RangerTag getTagById(Long id) throws Exception { + throw new Exception("Not implemented"); + + /* + RangerTag ret = null; + + ret = rangerTagService.read(id); + + return ret; + */ + } + + @Override + public List<RangerTag> getTagsByName(String name) throws Exception { + throw new Exception("Not implemented"); + + /* + List<RangerTag> ret = null; + + if (StringUtils.isNotBlank(name)) { + SearchFilter filter = new SearchFilter(SearchFilter.TAG_DEF_NAME, name); + ret = getTags(filter); + } else { + ret = null; } + + return ret; + */ } @Override - public void deleteResource(Long taggedResId) throws Exception { + public List<RangerTag> getTagsByExternalId(String externalId) throws Exception { + throw new Exception("Not implemented"); - XXTaggedResource taggedRes = daoManager.getXXTaggedResource().getById(taggedResId); - if (taggedRes == null) { - throw errorUtil.createRESTException("No Resource exists with Id: " + taggedResId, MessageEnums.DATA_NOT_FOUND); + /* + List<RangerTag> ret = null; + + if (StringUtils.isNotBlank(externalId)) { + SearchFilter filter = new SearchFilter(SearchFilter.TAG_EXTERNAL_ID, externalId); + ret = getTags(filter); + } else { + ret = null; } - // Remove tags associated with resource - deleteTagsForTaggedResource(taggedResId); + return ret; + */ + } - // Remove taggedResourceValue - deleteTaggedResourceValue(taggedResId); + @Override + public List<RangerTag> getTags(SearchFilter filter) throws Exception { + throw new Exception("Not implemented"); - // Remove taggedResource - daoManager.getXXTaggedResource().remove(taggedRes); + /* + List<RangerTag> ret = null; + + ret = rangerTagService.searchRangerTags(filter).getList(); + + return ret; + */ } + @Override - public RangerTaggedResource getResource(Long id) throws Exception { - return rangerTaggedResourceService.read(id); + public RangerServiceResource createServiceResource(RangerServiceResource resource) throws Exception { + throw new Exception("Not implemented"); + + /* + if (LOG.isDebugEnabled()) { + + LOG.debug("==> TagDBStore.createResource(" + resource + ")"); + } + throw new Exception("Not implemented"); + + RangerServiceResource ret = null; + + try { + ret = rangerTaggedResourceService.create(resource); + + ret = rangerTaggedResourceService.read(ret.getId()); + + createResourceSpecForResource(ret); + + } catch (Exception e) { + throw errorUtil.createRESTException("failed to save resource [" + resource.getId() + "]", MessageEnums.ERROR_CREATING_OBJECT); + } + + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagDBStore.createResource(" + resource + ")"); + } + + return ret; + */ } @Override - public TagServiceResources getResources(String serviceName, Long lastTimestamp) throws Exception { + public RangerServiceResource updateServiceResource(RangerServiceResource resource) throws Exception { + throw new Exception("Not implemented"); - List<RangerTaggedResource> taggedResources; + /* - SearchFilter filter = new SearchFilter(); + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagDBStore.updateResource(" + resource + ")"); + } - if (StringUtils.isNotBlank(serviceName)) { - filter.setParam(SearchFilter.TAG_RESOURCE_SERVICE_NAME, serviceName); + throw new Exception("Not implemented"); + + RangerServiceResource ret = null; + + RangerServiceResource existing = rangerTaggedResourceService.read(resource.getId()); + + + if (existing == null) { + throw errorUtil.createRESTException("failed to update tag [" + resource.getId() + "], Reason: No resource found with id: [" + resource.getId() + "]", + MessageEnums.DATA_NOT_UPDATABLE); } - if (lastTimestamp != null) { - filter.setParam(SearchFilter.TAG_RESOURCE_TIMESTAMP, Long.toString(lastTimestamp.longValue())); + if (StringUtils.isEmpty(resource.getCreatedBy())) { + resource.setCreatedBy(existing.getCreatedBy()); + } + if (resource.getCreateTime() == null) { + resource.setCreateTime(existing.getCreateTime()); } + if (StringUtils.isEmpty(resource.getGuid())) { + resource.setGuid(existing.getGuid()); + } + + ret = rangerTaggedResourceService.update(resource); - taggedResources = getResources(filter); + ret = rangerTaggedResourceService.read(ret.getId()); - TagServiceResources ret = new TagServiceResources(); - ret.setTaggedResources(taggedResources); - // TBD - ret.setLastUpdateTime(new Date()); - ret.setVersion(1L); + updateResourceSpecForResource(ret); + + + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagDBStore.updateResource(" + resource + ") : " + ret); + } return ret; + */ } @Override - public List<RangerTaggedResource> getResources(SearchFilter filter) throws Exception { - return getPaginatedResources(filter).getList(); + public void deleteServiceResourceById(Long id) throws Exception { + + throw new Exception("Not implemented"); + + /* + XXTaggedResource taggedRes = daoManager.getXXTaggedResource().getById(id); + if (taggedRes == null) { + throw errorUtil.createRESTException("No Resource exists with Id: " + id, MessageEnums.DATA_NOT_FOUND); + } + + // Remove taggedResourceValue + deleteResourceValue(id); + + // Remove taggedResource + daoManager.getXXTaggedResource().remove(id); + */ } @Override - public PList<RangerTaggedResource> getPaginatedResources(SearchFilter filter) throws Exception { - return rangerTaggedResourceService.searchRangerTaggedResources(filter); + public List<RangerServiceResource> getServiceResourcesByExternalId(String externalId) throws Exception { + + throw new Exception("Not implemented"); + + /* + List<RangerServiceResource> ret = null; + + + if (StringUtils.isNotBlank(externalId)) { + SearchFilter filter = new SearchFilter(SearchFilter.TAG_EXTERNAL_ID, externalId); + ret = getServiceResources(filter); + } else { + ret = null; + } + + return ret; + */ } @Override - public List<String> getTags(String serviceName) throws Exception { + public RangerServiceResource getServiceResourceById(Long id) throws Exception { - XXService xService = daoManager.getXXService().findByName(serviceName); - if (xService == null) { - throw errorUtil.createRESTException("No Service found with name [" + serviceName + "]", MessageEnums.DATA_NOT_FOUND); - } + throw new Exception("Not implemented"); - List<String> tagList = daoManager.getXXTag().findTagNamesByServiceId(xService.getId()); + /* + RangerServiceResource ret = null; + ret = rangerTaggedResourceService.read(id); + return ret; + */ + } - Collections.sort(tagList, new Comparator<String>() { - @Override - public int compare(String s1, String s2) { - return s1.compareToIgnoreCase(s2); - } - }); - return tagList; + @Override + public List<RangerServiceResource> getServiceResourcesByServiceAndResourceSpec(String serviceName, Map<String, RangerPolicy.RangerPolicyResource> resourceSpec) throws Exception { + throw new Exception("Not implemented"); } @Override - public List<String> lookupTags(String serviceName, String tagNamePattern) throws Exception { + public List<RangerServiceResource> getServiceResources(SearchFilter filter) throws Exception{ - if (LOG.isDebugEnabled()) { - LOG.debug("==> TagDBStore.lookupTags(" + serviceName + ", " + tagNamePattern + ")"); - } - - List<String> tagNameList = getTags(serviceName); - List<String> matchedTagList = new ArrayList<String>(); - - if (CollectionUtils.isNotEmpty(tagNameList)) { - Pattern p = Pattern.compile(tagNamePattern); - for (String tagName : tagNameList) { - Matcher m = p.matcher(tagName); - if (LOG.isDebugEnabled()) { - LOG.debug("TagDBStore.lookupTags) - Trying to match .... tagNamePattern=" + tagNamePattern + ", tagName=" + tagName); - } - if (m.matches()) { - if (LOG.isDebugEnabled()) { - LOG.debug("TagDBStore.lookupTags) - Match found.... tagNamePattern=" + tagNamePattern + ", tagName=" + tagName); - } - matchedTagList.add(tagName); - } - } - } + throw new Exception("Not implemented"); - if (LOG.isDebugEnabled()) { - LOG.debug("<== TagDBStore.lookupTags(" + serviceName + ", " + tagNamePattern + ")"); - } + /* + List<RangerServiceResource> ret = null; - return matchedTagList; + ret = rangerTaggedResourceService.searchRangerTaggedResources(filter).getList(); + return ret; + */ } @Override - public RangerTaggedResource getResource(RangerTaggedResourceKey key) throws Exception { - if (key == null) { - LOG.error("TagDBStore.getResources() - parameter 'key' is null."); - throw errorUtil.createRESTException("TagFileStore.getResources() - parameter 'key' is null.", MessageEnums.INVALID_INPUT_DATA); - } + public RangerTagResourceMap createTagResourceMap(RangerTagResourceMap tagResourceMap) throws Exception { + throw new Exception("Not implemented"); + } - XXService xService = daoManager.getXXService().findByName(key.getServiceName()); - if (xService == null) { - LOG.error("TagDBStore.getResources() - No Service found with name [" + key.getServiceName() + "]"); - throw errorUtil.createRESTException("TagDBStore.getResources() - No Service found with name [" + key.getServiceName() + "]", MessageEnums.INVALID_INPUT_DATA); - } + @Override + public void deleteTagResourceMapById(Long id) throws Exception { + throw new Exception("Not implemented"); + } + + @Override + public List<RangerTagResourceMap> getTagResourceMap(String externalResourceId, String externalTagId) throws Exception { + throw new Exception("Not implemented"); + } + + @Override + public RangerTagResourceMap getTagResourceMapById(Long id) throws Exception { + throw new Exception("Not implemented"); + } - RangerServiceDef serviceDef = serviceDBStore.getServiceDef(xService.getType()); - Long serviceId = xService.getId(); + @Override + public List<RangerTagResourceMap> getTagResourceMaps(SearchFilter filter) throws Exception { + throw new Exception("Not implemented"); + } - RangerTaggedResource ret = null; + @Override + public ServiceTags getServiceTagsIfUpdated(String serviceName, Long lastKnownVersion) throws Exception { + throw new Exception("Not implemented"); + } - List<XXTaggedResource> taggedResList = daoManager.getXXTaggedResource().findByServiceId(serviceId); + @Override + public PList<RangerTagResourceMap> getPaginatedTagResourceMaps(SearchFilter filter) throws Exception { + throw new Exception("Not implemented"); + } - if (CollectionUtils.isEmpty(taggedResList)) { - return null; - } + @Override + public List<String> getTags(String serviceName) throws Exception { + throw new Exception("Not implemented"); + } - if (taggedResList.size() == 1) { - ret = rangerTaggedResourceService.getPopulatedViewObjject(taggedResList.get(0)); - return ret; - } else { - for (XXTaggedResource xTaggedRes : taggedResList) { - RangerTaggedResource taggedRes = rangerTaggedResourceService.getPopulatedViewObjject(xTaggedRes); + @Override + public List<String> lookupTags(String serviceName, String tagNamePattern) throws Exception { + throw new Exception("Not implemented"); + } - RangerDefaultPolicyResourceMatcher policyResourceMatcher = new RangerDefaultPolicyResourceMatcher(); + @Override + public List<RangerTag> getTagsForServiceResource(Long resourceId) throws Exception { + throw new Exception("Not implemented"); + } - policyResourceMatcher.setPolicyResources(taggedRes.getKey().getResourceSpec()); + @Override + public List<RangerTag> getTagsForServiceResourceByExtId(String resourceExtId) throws Exception { + throw new Exception("Not implemented"); + } - policyResourceMatcher.setServiceDef(serviceDef); - policyResourceMatcher.init(); - boolean isMatch = policyResourceMatcher.isExactMatch(key.getResourceSpec()); + @Override + public List<RangerTagDef> getTagDefsByExternalId(String extId) throws Exception { + throw new Exception("Not implemented"); + } - if (isMatch) { - return taggedRes; - } - } - } - return ret; + @Override + public List<RangerTagResourceMap> getTagResourceMapsByTagId(Long tagId) throws Exception { + throw new Exception("Not implemented"); } + @Override + public List<RangerTagResourceMap> getTagResourceMapsByResourceId(Long resourceId) throws Exception { + throw new Exception("Not implemented"); + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/83cb21e0/security-admin/src/main/java/org/apache/ranger/entity/XXTag.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXTag.java b/security-admin/src/main/java/org/apache/ranger/entity/XXTag.java index af15b0a..46b760b 100644 --- a/security-admin/src/main/java/org/apache/ranger/entity/XXTag.java +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXTag.java @@ -49,6 +49,12 @@ public class XXTag extends XXDBBase implements Serializable { @Column(name = "guid", unique = true, nullable = false, length = 512) protected String guid; + @Column(name = "version") + protected Long version; + + @Column(name = "is_enabled") + protected Boolean isEnabled; + @Column(name = "tag_def_id") protected Long tagDefId; @@ -84,6 +90,36 @@ public class XXTag extends XXDBBase implements Serializable { } /** + * @return the version + */ + public Long getVersion() { + return version; + } + + /** + * @param version + * the version to set + */ + public void setVersion(Long version) { + this.version = version; + } + + /** + * @return the isEnabled + */ + public Boolean getIsEnabled() { + return isEnabled; + } + + /** + * @param isEnabled + * the isEnabled to set + */ + public void setIsEnabled(Boolean isEnabled) { + this.isEnabled = isEnabled; + } + + /** * @return the tagDefId */ public Long getTagDefId() { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/83cb21e0/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java index 5af0b66..b667777 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java @@ -20,18 +20,22 @@ package org.apache.ranger.rest; import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections.ListUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.ranger.biz.ServiceDBStore; -import org.apache.ranger.biz.TagDBStore; +//import org.apache.ranger.biz.TagDBStore; import org.apache.ranger.common.RESTErrorUtil; -import org.apache.ranger.plugin.model.RangerTaggedResourceKey; -import org.apache.ranger.plugin.model.RangerTaggedResource; +import org.apache.ranger.plugin.model.RangerServiceResource; +import org.apache.ranger.plugin.model.RangerTag; +import org.apache.ranger.plugin.model.RangerTagResourceMap; import org.apache.ranger.plugin.model.RangerTagDef; import org.apache.ranger.plugin.store.TagStore; +import org.apache.ranger.plugin.store.TagValidator; + import org.apache.ranger.plugin.store.file.TagFileStore; import org.apache.ranger.plugin.util.SearchFilter; -import org.apache.ranger.plugin.util.TagServiceResources; +import org.apache.ranger.plugin.util.ServiceTags; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; @@ -60,19 +64,29 @@ public class TagREST { @Autowired ServiceDBStore svcStore; - @Autowired - TagDBStore tagStore; + //@Autowired + //TagDBStore tagStore; + + TagStore tagStore; + + //@Autowired + //TagValidator validator; + + TagValidator validator; - public TagREST() { + public TagREST() { } @PostConstruct public void initStore() { - + tagStore = TagFileStore.getInstance(); + tagStore.setServiceStore(svcStore); + validator = new TagValidator(); + validator.setTagStore(tagStore); } @POST - @Path(TagRESTConstants.TAGS_RESOURCE) + @Path(TagRESTConstants.TAGDEFS_RESOURCE) @Produces({ "application/json", "application/xml" }) //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") public RangerTagDef createTagDef(RangerTagDef tagDef) { @@ -100,7 +114,7 @@ public class TagREST { } @PUT - @Path(TagRESTConstants.TAG_RESOURCE + "/{id}") + @Path(TagRESTConstants.TAGDEF_RESOURCE + "/{id}") @Produces({ "application/json", "application/xml" }) //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") @@ -131,7 +145,7 @@ public class TagREST { } @DELETE - @Path(TagRESTConstants.TAG_RESOURCE + "/{id}") + @Path(TagRESTConstants.TAGDEF_RESOURCE + "/{id}") @Produces({ "application/json", "application/xml" }) //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") public void deleteTagDef(@PathParam("id") Long id) { @@ -155,7 +169,7 @@ public class TagREST { } @GET - @Path(TagRESTConstants.TAG_RESOURCE+"/{name}") + @Path(TagRESTConstants.TAGDEF_RESOURCE+"/{name}") @Produces({ "application/json", "application/xml" }) public List<RangerTagDef> getTagDefByName(@PathParam("name") String name) { if(LOG.isDebugEnabled()) { @@ -184,7 +198,7 @@ public class TagREST { } @GET - @Path(TagRESTConstants.TAGS_RESOURCE) + @Path(TagRESTConstants.TAGDEFS_RESOURCE) @Produces({ "application/json", "application/xml" }) public List<RangerTagDef> getTagDefs() { if(LOG.isDebugEnabled()) { @@ -213,376 +227,601 @@ public class TagREST { } @POST - @Path(TagRESTConstants.RESOURCES_RESOURCE) + @Path(TagRESTConstants.TAGS_RESOURCE) @Produces({ "application/json", "application/xml" }) //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") - public RangerTaggedResource createResource(RangerTaggedResource resource) { + public RangerTag createTag(RangerTag tag) { if(LOG.isDebugEnabled()) { - LOG.debug("==> TagREST.createResource(" + resource + ")"); + LOG.debug("==> TagREST.createTag(" + tag + ")"); } - RangerTaggedResource ret; + RangerTag ret; try { - //RangerResourceValidator validator = validatorFactory.getResourceValidator(tagStore); - //validator.validate(resource, Action.CREATE); - ret = tagStore.createTaggedResource(resource, false); + validator.preCreateTag(tag); + ret = tagStore.createTag(tag); } catch(Exception excp) { - LOG.error("createResource(" + resource + ") failed", excp); + LOG.error("createTag(" + tag + ") failed", excp); throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); } if(LOG.isDebugEnabled()) { - LOG.debug("<== TagREST.createResource(" + resource + "): " + ret); + LOG.debug("<== TagREST.createTag(" + tag + "): " + ret); } return ret; } @PUT - @Path(TagRESTConstants.RESOURCE_RESOURCE + "/{id}") + @Path(TagRESTConstants.TAG_RESOURCE + "{id}") @Produces({ "application/json", "application/xml" }) //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") - public RangerTaggedResource updateResource(@PathParam("id") Long id, RangerTaggedResource resource) { + + public RangerTag updateTagById(@PathParam("id") Long id, RangerTag tag) { + + RangerTag ret; + + try { + validator.preUpdateTagById(id, tag); + ret = tagStore.updateTag(tag); + } catch (Exception excp) { + LOG.error("updateTag() failed", excp); + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } if(LOG.isDebugEnabled()) { - LOG.debug("==> TagREST.updateResource(" + id + ")"); + LOG.debug("<== TagREST.updateTag(): " + ret); } - if (resource.getId() == null) { - resource.setId(id); - } else if (!resource.getId().equals(id)) { - throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "resource id mismatch", true); + return ret; + } + + @PUT + @Path(TagRESTConstants.TAG_RESOURCE + "externalId/{externalId}") + @Produces({ "application/json", "application/xml" }) + //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + + public RangerTag updateTagByExternalId(@PathParam("externalId") String externalId, RangerTag tag) { + + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.updateTagByExternalId(" + externalId + ")"); } - RangerTaggedResource ret; + RangerTag ret; try { - //RangerResourceValidator validator = validatorFactory.getResourceValidator(tagStore); - //validator.validate(resource, Action.UPDATE); - ret = tagStore.updateTaggedResource(resource); - } catch(Exception excp) { - LOG.error("updateResource(" + id + ") failed", excp); - + validator.preUpdateTagByExternalId(externalId, tag); + ret = tagStore.updateTag(tag); + } catch (Exception excp) { + LOG.error("updateTagByExternalId(" + externalId + ") failed", excp); throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); } - if(LOG.isDebugEnabled()) { - LOG.debug("<== TagREST.updateResource(" + resource + "): " + ret); + LOG.debug("<== TagREST.updateTagByExternalId(" + externalId + "): " + ret); } return ret; } @PUT - @Path(TagRESTConstants.RESOURCE_RESOURCE + "/{id}/" +TagRESTConstants.ACTION_SUB_RESOURCE) + @Path(TagRESTConstants.TAG_RESOURCE + "name/{name}") @Produces({ "application/json", "application/xml" }) //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") - public RangerTaggedResource updateResource(@PathParam("id") final Long id, @DefaultValue(TagRESTConstants.ACTION_ADD) @QueryParam(TagRESTConstants.ACTION_OP) String op, List<RangerTaggedResource.RangerResourceTag> resourceTagList) { - - RangerTaggedResource ret; - - if (op.equals(TagRESTConstants.ACTION_ADD) || - op.equals(TagRESTConstants.ACTION_REPLACE) || - op.equals(TagRESTConstants.ACTION_DELETE)) { - RangerTaggedResource oldResource; - try { - oldResource = tagStore.getResource(id); - } catch (Exception excp) { - LOG.error("getResource(" + id + ") failed", excp); + public RangerTag updateTagByName(@PathParam("name") String name, RangerTag tag) { - throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); - } - List<RangerTaggedResource.RangerResourceTag> oldTagsAndValues = oldResource.getTags(); - - switch (op) { - case TagRESTConstants.ACTION_ADD: - oldTagsAndValues.addAll(resourceTagList); - break; - case TagRESTConstants.ACTION_REPLACE: - oldResource.setTags(resourceTagList); - break; - case TagRESTConstants.ACTION_DELETE: - oldTagsAndValues.removeAll(resourceTagList); - break; - default: - break; - } - oldResource.setTags(oldTagsAndValues); + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.updateTagByName(" + name + ")"); + } - try { - //RangerResourceValidator validator = validatorFactory.getResourceValidator(tagStore); - //validator.validate(resource, Action.UPDATE); - ret = tagStore.updateTaggedResource(oldResource); - } catch (Exception excp) { - LOG.error("updateResource(" + id + ") failed", excp); + RangerTag ret; - throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); - } - } else { - LOG.error("updateResource(" + id + ") failed, invalid operation " + op); - throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, "invalid update operation", true); + try { + validator.preUpdateTagByName(name, tag); + ret = tagStore.updateTag(tag); + } catch (Exception excp) { + LOG.error("updateTagByName(" + name + ") failed", excp); + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.updateTagByName(" + name + "): " + ret); } return ret; } @DELETE - @Path(TagRESTConstants.RESOURCE_RESOURCE + "/{id}") + @Path(TagRESTConstants.TAG_RESOURCE + "{id}") @Produces({ "application/json", "application/xml" }) //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") - public void deleteResource(@PathParam("id") Long id) { - if (LOG.isDebugEnabled()) { - LOG.debug("==> TagREST.deleteResource(" + id + ")"); + public void deleteTagById(@PathParam("id") Long id) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.deleteTagById(" + id +")"); } + try { - //RangerResourceValidator validator = validatorFactory.getResourceValidator(tagStore); - //validator.validate(guid, Action.DELETE); - tagStore.deleteResource(id); - } catch (Exception excp) { - LOG.error("deleteResource(" + id + ") failed", excp); + validator.preDeleteTagById(id); + tagStore.deleteTagById(id); + } catch(Exception excp) { + LOG.error("deleteTag() failed", excp); + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.deleteTag()"); + } + } + + @DELETE + @Path(TagRESTConstants.TAG_RESOURCE + "externalId/{externalId}") + @Produces({ "application/json", "application/xml" }) + //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + public void deleteTagByExternalId(@PathParam("externalId") String externalId) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.deleteTagByExternalId(" + externalId + ")"); + } + + try { + RangerTag exist = validator.preDeleteTagByExternalId(externalId); + tagStore.deleteTagById(exist.getId()); + } catch(Exception excp) { + LOG.error("deleteTagByExternalId(" + externalId + ") failed", excp); throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); } - if (LOG.isDebugEnabled()) { - LOG.debug("<== TagREST.deleteResource(" + id + ")"); + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.deleteTagByExternalId(" + externalId + ")"); } + } + @DELETE + @Path(TagRESTConstants.TAG_RESOURCE + "name/{name}") + @Produces({ "application/json", "application/xml" }) + //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + public void deleteTagByName(@PathParam("name") String name) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.deleteTagByName(" + name + ")"); + } + + try { + RangerTag exist = validator.preDeleteTagByName(name); + tagStore.deleteTagById(exist.getId()); + } catch(Exception excp) { + LOG.error("deleteTagByName(" + name + ") failed", excp); + + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.deleteTagByName(" + name + ")"); + } } @GET - @Path(TagRESTConstants.RESOURCE_RESOURCE + "/{id}") + @Path(TagRESTConstants.TAGS_RESOURCE + "{id}") @Produces({ "application/json", "application/xml" }) - public RangerTaggedResource getResource(@PathParam("id") Long id) { + public RangerTag getTagById(@PathParam("id") Long id) { if(LOG.isDebugEnabled()) { - LOG.debug("==> TagREST.getResource(" + id + ")"); + LOG.debug("==> TagREST.getTagById(" + id + ")"); } - - RangerTaggedResource ret; + RangerTag ret; try { - ret = tagStore.getResource(id); + ret = tagStore.getTagById(id); } catch(Exception excp) { - LOG.error("getResource(" + id + ") failed", excp); + LOG.error("getTagById(" + id + ") failed", excp); throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); } - if(ret == null) { - throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true); + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.getTagById(" + id + "): " + ret); + } + + return ret; + } + + @GET + @Path(TagRESTConstants.TAGS_RESOURCE + "externalId/{externalId}") + @Produces({ "application/json", "application/xml" }) + public List<RangerTag> getTagsByExternalId(@PathParam("externalId") String externalId) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.getTagsByExternalId(" + externalId + ")"); + } + List<RangerTag> ret; + + try { + ret = tagStore.getTagsByExternalId(externalId); + } catch(Exception excp) { + LOG.error("getTagsByExternalId(" + externalId + ") failed", excp); + + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); } if(LOG.isDebugEnabled()) { - LOG.debug("<== TagREST.getResource(" + id + "): " + ret); + LOG.debug("<== TagREST.getTagsByExternalId(" + externalId + "): " + ret); } return ret; } - // This API is typically used by plug-in to get selected tagged resources from RangerAdmin + @GET + @Path(TagRESTConstants.TAGS_RESOURCE + "name/{name}") + @Produces({ "application/json", "application/xml" }) + public List<RangerTag> getTagsByName(@PathParam("name") String name) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.getTagsByName(" + name + ")"); + } + List<RangerTag> ret; + + try { + ret = tagStore.getTagsByName(name); + } catch(Exception excp) { + LOG.error("getTagsByName(" + name + ") failed", excp); + + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.getTagsByName(" + name + "): " + ret); + } + + return ret; + } @GET - @Path(TagRESTConstants.RESOURCES_UPDATED_RESOURCE) + @Path(TagRESTConstants.TAGS_RESOURCE) @Produces({ "application/json", "application/xml" }) - public TagServiceResources getResources(@QueryParam(TagRESTConstants.SERVICE_NAME_PARAM) String serviceName, - @QueryParam(TagRESTConstants.TAG_TIMESTAMP_PARAM) Long lastTimestamp) { + public List<RangerTag> getAllTags() { if(LOG.isDebugEnabled()) { - LOG.debug("==> TagREST.getResources(" + serviceName + ", " + lastTimestamp + ")"); + LOG.debug("==> TagREST.getAllTags()"); } - TagServiceResources ret = null; + List<RangerTag> ret; try { - ret = tagStore.getResources(serviceName, lastTimestamp); + ret = tagStore.getTags(new SearchFilter()); } catch(Exception excp) { - LOG.error("getResources(" + serviceName + ") failed", excp); + LOG.error("getAllTags() failed", excp); throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); } + if (CollectionUtils.isEmpty(ret)) { + if (LOG.isDebugEnabled()) { + LOG.debug("getAllTags() - No tags found"); + } + } if(LOG.isDebugEnabled()) { - LOG.debug("<==> TagREST.getResources(" + serviceName + ", " + lastTimestamp + ")"); + LOG.debug("<== TagREST.getAllTags(): " + ret); } return ret; } - // This API is typically used by GUI to get all available tags from RangerAdmin + @POST + @Path(TagRESTConstants.RESOURCES_RESOURCE) + @Produces({ "application/json", "application/xml" }) + //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + public RangerServiceResource createServiceResource(RangerServiceResource resource) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.createServiceResource(" + resource + ")"); + } - @GET - @Path(TagRESTConstants.TAGNAMES_RESOURCE) + RangerServiceResource ret; + + try { + validator.preCreateServiceResource(resource); + ret = tagStore.createServiceResource(resource); + } catch(Exception excp) { + LOG.error("createServiceResource(" + resource + ") failed", excp); + + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.createServiceResource(" + resource + "): " + ret); + } + + return ret; + } + + @PUT + @Path(TagRESTConstants.RESOURCE_RESOURCE + "{id}") @Produces({ "application/json", "application/xml" }) - public List<String> getTagNames(@QueryParam(TagRESTConstants.SERVICE_NAME_PARAM) String serviceName) { + //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + public RangerServiceResource updateServiceResourceById(@PathParam("id") Long id, RangerServiceResource resource) { if(LOG.isDebugEnabled()) { - LOG.debug("==> TagREST.getTagNames(" + serviceName + ")"); + LOG.debug("==> TagREST.updateServiceResourceById(" + id + ")"); } - List<String> tagNames = null; + RangerServiceResource ret; try { - tagNames = tagStore.getTags(serviceName); + validator.preUpdateServiceResourceById(id, resource); + ret = tagStore.updateServiceResource(resource); } catch(Exception excp) { - LOG.error("getTags(" + serviceName + ") failed", excp); + LOG.error("updateServiceResourceById(" + resource + ") failed", excp); throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); } if(LOG.isDebugEnabled()) { - LOG.debug("<== TagREST.getTagNames(" + serviceName + ")"); + LOG.debug("<== TagREST.updateServiceResourceById(" + id + "): " + ret); } - return tagNames; + return ret; } - // This API is typically used by GUI to help lookup available tags from RangerAdmin to help tag-policy writer. It - // may also be used to validate configuration parameters of a tag-service + @PUT + @Path(TagRESTConstants.RESOURCE_RESOURCE + "externalId/{externalId}") + @Produces({ "application/json", "application/xml" }) + //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") - @GET - @Path(TagRESTConstants.LOOKUP_TAGS_RESOURCE) + public RangerServiceResource updateServiceResourceByExternalId(@PathParam("externalId") String externalId, RangerServiceResource resource) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.updateServiceResourceByExternalId(" + externalId + ", " + resource + ")"); + } + RangerServiceResource ret; + try { + validator.preUpdateServiceResourceByExternalId(externalId, resource); + ret = tagStore.updateServiceResource(resource); + } catch(Exception excp) { + LOG.error("updateServiceResourceByExternalId(" + externalId + ", " + resource + ") failed", excp); + + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.updateServiceResourceByExternalId(" + externalId + ", " + resource + "): " + ret); + } + return ret; + } + + @DELETE + @Path(TagRESTConstants.RESOURCE_RESOURCE + "{id}") @Produces({ "application/json", "application/xml" }) - public List<String> lookupTags(@QueryParam(TagRESTConstants.SERVICE_NAME_PARAM) String serviceName, - @DefaultValue(".*") @QueryParam(TagRESTConstants.TAG_PATTERN_PARAM) String tagNamePattern) { + //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + public void deleteServiceResourceById(@PathParam("id") Long id) { if(LOG.isDebugEnabled()) { - LOG.debug("==> TagREST.lookupTags(" + serviceName + ", " + tagNamePattern + ")"); + LOG.debug("==> TagREST.deleteServiceResourceById(" + id + ")"); + } + try { + validator.preDeleteServiceResourceById(id); + tagStore.deleteServiceResourceById(id); + } catch (Exception excp) { + LOG.error("deleteServiceResourceById() failed", excp); + + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.deleteServiceResourceById(" + id + ")"); + } + } + + @DELETE + @Path(TagRESTConstants.RESOURCE_RESOURCE + "externalId/{externalId}") + @Produces({ "application/json", "application/xml" }) + //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + public void deleteServiceResourceByExternalId(@PathParam("externalId") String externalId) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.deleteServiceResourceByExternalId(" + externalId + ")"); } - List<String> matchingTagNames = null; try { - matchingTagNames = tagStore.lookupTags(serviceName, tagNamePattern); + RangerServiceResource exist = validator.preDeleteServiceResourceByExternalId(externalId); + tagStore.deleteServiceResourceById(exist.getId()); } catch(Exception excp) { - LOG.error("lookupTags(" + serviceName + ") failed", excp); + LOG.error("deleteServiceResourceByExternalId(" + externalId + ") failed", excp); throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); } if(LOG.isDebugEnabled()) { - LOG.debug("<== TagREST.lookupTags(" + serviceName + ")"); + LOG.debug("<== TagREST.deleteServiceResourceByExternalId(" + externalId + ")"); } - return matchingTagNames; } - // The following APIs will be typically used by tag-sync module + @GET + @Path(TagRESTConstants.RESOURCES_RESOURCE + "{id}") + @Produces({ "application/json", "application/xml" }) + public RangerServiceResource getServiceResourceById(@PathParam("id") Long id) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.getServiceResourceById(" + id + ")"); + } + RangerServiceResource ret; + try { + ret = tagStore.getServiceResourceById(id); + } catch(Exception excp) { + LOG.error("getServiceResourceById(" + id + ") failed", excp); - // to get all tagged resources in RangerAdmin + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.getServiceResourceById(" + id + "): " + ret); + } + return ret; + } @GET - @Path(TagRESTConstants.RESOURCES_ALL_RESOURCE) + @Path(TagRESTConstants.RESOURCES_RESOURCE + "externalId/{externalId}") @Produces({ "application/json", "application/xml" }) - public TagServiceResources getAllTaggedResources() throws Exception { - String emptyString = ""; - return getResources(emptyString, 0L); - } + public List<RangerServiceResource> getServiceResourcesByExternalId(@PathParam("externalId") String externalId) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.getServiceResourceByExternalId(" + externalId + ")"); + } + List<RangerServiceResource> ret; + try { + ret = tagStore.getServiceResourcesByExternalId(externalId); + } catch(Exception excp) { + LOG.error("getServiceResourceByExternalId(" + externalId + ") failed", excp); - // to create or update a tagged resource with associated tags in RangerAdmin + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.getServiceResourceByExternalId(" + externalId + "): " + ret); + } + return ret; + } - @PUT - @Path(TagRESTConstants.RESOURCE_SET_RESOURCE) + @POST + @Path(TagRESTConstants.TAGRESOURCEMAPS_RESOURCE) @Produces({ "application/json", "application/xml" }) - public RangerTaggedResource setResource(RangerTaggedResourceKey key, List<RangerTaggedResource.RangerResourceTag> tags) throws Exception { + //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + public RangerTagResourceMap createTagResourceMap(@QueryParam("externalResourceId") String externalResourceId, + @QueryParam("externalTagId") String externalTagId) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.createTagResourceMap(" + externalResourceId + ", " + externalTagId + ")"); + } + + RangerTagResourceMap tagResourceMap; + + try { + tagResourceMap = validator.preCreateTagResourceMap(externalResourceId, externalTagId); + tagResourceMap = tagStore.createTagResourceMap(tagResourceMap); + } catch(Exception excp) { + LOG.error("createTagResourceMap(" + externalResourceId + ", " + externalTagId + ") failed", excp); + + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + if(LOG.isDebugEnabled()) { - LOG.debug("==> TagREST.setResource()"); + LOG.debug("==> TagREST.createTagResourceMap(" + externalResourceId + ", " + externalTagId + ")"); } - RangerTaggedResource ret = null; + return tagResourceMap; + } - RangerTaggedResource taggedResource = new RangerTaggedResource(key, tags); + @DELETE + @Path(TagRESTConstants.TAGRESOURCEMAPS_RESOURCE) + @Produces({ "application/json", "application/xml" }) + //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + public void deleteTagResourceMap(@QueryParam("externalResourceId") String externalResourceId, + @QueryParam("externalTagId") String externalTagId) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.deleteTagResourceMap(" + externalResourceId + ", " + externalTagId + ")"); + } try { - ret = tagStore.createTaggedResource(taggedResource, true); // Create or Update + RangerTagResourceMap exist = validator.preDeleteTagResourceMap(externalResourceId, externalTagId); + tagStore.deleteTagResourceMapById(exist.getId()); } catch(Exception excp) { - LOG.error("setResource() failed", excp); - LOG.error("Could not create taggedResource, " + taggedResource); + LOG.error("deleteTagResourceMap(" + externalResourceId + ", " + externalTagId + ") failed", excp); throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); } if(LOG.isDebugEnabled()) { - LOG.debug("<== TagREST.setResource()"); + LOG.debug("==> TagREST.deleteTagResourceMap(" + externalResourceId + ", " + externalTagId + ")"); } + } + /* + This leads to a WARNING in catalina.out - + WARNING: The following warnings have been detected with resource and/or provider classes: + WARNING: A HTTP GET method, public java.util.List org.apache.ranger.rest.TagREST.getServiceResources(org.apache.ranger.plugin.model.RangerServiceResource) throws java.lang.Exception, should not consume any entity. + Hence commented out.. + */ + /* + @GET + @Path(TagRESTConstants.RESOURCES_RESOURCE) + @Produces({ "application/json", "application/xml" }) + //@PreAuthorize("hasRole('ROLE_SYS_ADMIN')") + public List<RangerServiceResource> getServiceResources(RangerServiceResource resource) throws Exception { + + List<RangerServiceResource> ret = null; + + if (LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.getServiceResources(" + resource + ")"); + } + ret = tagStore.getServiceResourcesByServiceAndResourceSpec(resource.getServiceName(), resource.getResourceSpec()); + if (LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.getServiceResources(" + resource + ")"); + } return ret; } + */ - // to create or update a list of tagged resources with associated tags in RangerAdmin + // This API is typically used by plug-in to get selected tagged resources from RangerAdmin - @PUT - @Path(TagRESTConstants.RESOURCES_SET_RESOURCE) + @GET + @Path(TagRESTConstants.TAGS_DOWNLOAD + "{serviceName}") @Produces({ "application/json", "application/xml" }) - public List<RangerTaggedResource> setResources(List<RangerTaggedResourceKey> keys, List<RangerTaggedResource.RangerResourceTag> tags) throws Exception { - if(LOG.isDebugEnabled()) { - LOG.debug("==> TagREST.setResources()"); - } - List<RangerTaggedResource> ret = new ArrayList<>(); - if (CollectionUtils.isNotEmpty(keys)) { - for (RangerTaggedResourceKey key : keys) { - try { - RangerTaggedResource taggedResource = setResource(key, tags); - if (taggedResource != null) { - ret.add(taggedResource); - } - } - catch(Exception e) { - // Ignore - } - } + public ServiceTags getServiceTagsIfUpdated(@PathParam("serviceName") String serviceName, + @QueryParam(TagRESTConstants.LAST_KNOWN_TAG_VERSION_PARAM) Long lastKnownVersion, @QueryParam("pluginId") String pluginId) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.getServiceTagsIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + pluginId + ")"); } + + ServiceTags ret = null; + + try { + ret = tagStore.getServiceTagsIfUpdated(serviceName, lastKnownVersion); + } catch(Exception excp) { + LOG.error("getServiceTagsIfUpdated(" + serviceName + ") failed", excp); + + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); + } + if(LOG.isDebugEnabled()) { - LOG.debug("<== TagREST.setResources()"); + LOG.debug("<==> TagREST.getServiceTagsIfUpdated(" + serviceName + ", " + lastKnownVersion + ", " + pluginId + ")"); } + return ret; } - // to update a tagged resource by adding or removing tags from it in RangerAdmin + // This API is typically used by GUI to get all available tags from RangerAdmin - @PUT - @Path(TagRESTConstants.RESOURCE_UPDATE_RESOURCE) + @GET + @Path(TagRESTConstants.TAGNAMES_RESOURCE) @Produces({ "application/json", "application/xml" }) - public RangerTaggedResource updateResourceTags(RangerTaggedResourceKey key, List<RangerTaggedResource.RangerResourceTag> tagsToAdd, - List<RangerTaggedResource.RangerResourceTag> tagsToDelete) throws Exception { + public List<String> getTagNames(@QueryParam(TagRESTConstants.SERVICE_NAME_PARAM) String serviceName) { + if(LOG.isDebugEnabled()) { - LOG.debug("==> TagREST.updateResource()"); + LOG.debug("==> TagREST.getTagNames(" + serviceName + ")"); } + List<String> tagNames = null; - RangerTaggedResource ret = null; - RangerTaggedResource oldResource = null; try { - oldResource = tagStore.getResource(key); - } catch (Exception excp) { - LOG.error("getResource(" + key + ") failed", excp); + tagNames = tagStore.getTags(serviceName); + } catch(Exception excp) { + LOG.error("getTags(" + serviceName + ") failed", excp); throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); } - if (oldResource != null) { - List<RangerTaggedResource.RangerResourceTag> tags = oldResource.getTags(); - - if (CollectionUtils.isNotEmpty(tagsToAdd)) { - tags.addAll(tagsToAdd); - } + if(LOG.isDebugEnabled()) { + LOG.debug("<== TagREST.getTagNames(" + serviceName + ")"); + } + return tagNames; + } - if (CollectionUtils.isNotEmpty(tagsToDelete)) { - tags.removeAll(tagsToDelete); - } + // This API is typically used by GUI to help lookup available tags from RangerAdmin to help tag-policy writer. It + // may also be used to validate configuration parameters of a tag-service - oldResource.setTags(tags); + @GET + @Path(TagRESTConstants.LOOKUP_TAGS_RESOURCE) + @Produces({ "application/json", "application/xml" }) + public List<String> lookupTags(@QueryParam(TagRESTConstants.SERVICE_NAME_PARAM) String serviceName, + @DefaultValue(".*") @QueryParam(TagRESTConstants.PATTERN_PARAM) String tagNamePattern) { + if(LOG.isDebugEnabled()) { + LOG.debug("==> TagREST.lookupTags(" + serviceName + ", " + tagNamePattern + ")"); + } + List<String> matchingTagNames = null; - try { - ret = tagStore.updateTaggedResource(oldResource); - } catch (Exception excp) { - LOG.error("updateResource(" + key + ") failed", excp); + try { + matchingTagNames = tagStore.lookupTags(serviceName, tagNamePattern); + } catch(Exception excp) { + LOG.error("lookupTags(" + serviceName + ") failed", excp); - throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); - } - } else { - LOG.error("updateResourceTags() could not find tagged resource with key=" + key); + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true); } if(LOG.isDebugEnabled()) { - LOG.debug("<== TagREST.updateResource()"); + LOG.debug("<== TagREST.lookupTags(" + serviceName + ")"); } - - return ret; + return matchingTagNames; } + } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/83cb21e0/security-admin/src/main/java/org/apache/ranger/rest/TagRESTConstants.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagRESTConstants.java b/security-admin/src/main/java/org/apache/ranger/rest/TagRESTConstants.java index 02efcf3..915ff13 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/TagRESTConstants.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/TagRESTConstants.java @@ -20,31 +20,27 @@ package org.apache.ranger.rest; public class TagRESTConstants { - public static final String TAGDEF_NAME_AND_VERSION = "tag-def/v1"; + public static final String TAGDEF_NAME_AND_VERSION = "tags"; - static final String TAGS_RESOURCE = "tags"; - static final String TAG_RESOURCE = "tag"; + static final String TAGDEFS_RESOURCE = "/tagdefs/"; + static final String TAGDEF_RESOURCE = "/tagdef/"; - static final String RESOURCES_RESOURCE = "resources"; - static final String RESOURCE_RESOURCE = "resource"; + static final String TAGS_RESOURCE = "/tags/"; + static final String TAG_RESOURCE = "/tag/"; - static final String TAGNAMES_RESOURCE = "resources/tag-names"; - static final String LOOKUP_TAGS_RESOURCE = "resources/lookup-tags"; + static final String RESOURCES_RESOURCE = "/resources/"; + static final String RESOURCE_RESOURCE = "/resource/"; - static final String RESOURCES_UPDATED_RESOURCE = "resources/updated-resources"; - static final String RESOURCES_ALL_RESOURCE = "resources/all-resources"; - static final String RESOURCE_SET_RESOURCE = "resources/set-resource"; - static final String RESOURCES_SET_RESOURCE = "resources/set-resources"; - static final String RESOURCE_UPDATE_RESOURCE = "resources/update-resource"; + static final String TAGRESOURCEMAPS_RESOURCE = "/tagresourcemaps/"; - static final String ACTION_SUB_RESOURCE = "update"; - static final String ACTION_OP = "op"; - static final String ACTION_ADD = "add"; - static final String ACTION_REPLACE = "replace"; - static final String ACTION_DELETE = "delete"; - public static final String SERVICE_NAME_PARAM = "servicename"; - public static final String TAG_TIMESTAMP_PARAM = "tagtimestamp"; - public static final String TAG_PATTERN_PARAM = "tagpattern"; + static final String TAGNAMES_RESOURCE = "/tags/names/"; + static final String LOOKUP_TAGS_RESOURCE = "/tags/lookup/"; + + static final String TAGS_DOWNLOAD = "/download/"; + + public static final String SERVICE_NAME_PARAM = "serviceName"; + public static final String LAST_KNOWN_TAG_VERSION_PARAM = "tagVersion"; + public static final String PATTERN_PARAM = "pattern"; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/83cb21e0/security-admin/src/main/java/org/apache/ranger/service/RangerTagDefService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerTagDefService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerTagDefService.java index 9ed70b3..bd61ff1 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerTagDefService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerTagDefService.java @@ -45,7 +45,7 @@ public class RangerTagDefService extends RangerTagDefServiceBase<XXTagDef, Range } - public RangerTagDef getPopulatedViewObjject(XXTagDef xObj) { + public RangerTagDef getPopulatedViewObject(XXTagDef xObj) { return populateViewBean(xObj); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/83cb21e0/security-admin/src/main/java/org/apache/ranger/service/RangerTagService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerTagService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerTagService.java new file mode 100644 index 0000000..b5cb303 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerTagService.java @@ -0,0 +1,35 @@ +package org.apache.ranger.service; + +import org.apache.ranger.common.SearchField; +import org.apache.ranger.entity.XXTag; +import org.apache.ranger.plugin.model.RangerTag; +import org.apache.ranger.plugin.util.SearchFilter; +import org.springframework.stereotype.Service; + +/** + * Created by akulkarni on 8/19/15. + */ + +@Service +public class RangerTagService extends RangerTagServiceBase<XXTag, RangerTag> { + + public RangerTagService() { + searchFields.add(new SearchField(SearchFilter.TAG_ID, "obj.id", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL)); + searchFields.add(new SearchField(SearchFilter.TAG_NAME, "obj.name", SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL)); + } + + @Override + protected void validateForCreate(RangerTag vObj) { + + } + + @Override + protected void validateForUpdate(RangerTag vObj, XXTag entityObj) { + + } + + public RangerTag getPopulatedViewObject(XXTag xObj) { + return populateViewBean(xObj); + } + +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/83cb21e0/security-admin/src/main/java/org/apache/ranger/service/RangerTagServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerTagServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerTagServiceBase.java new file mode 100644 index 0000000..7a9c9da --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerTagServiceBase.java @@ -0,0 +1,100 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.service; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.lang.StringUtils; +import org.apache.ranger.common.GUIDUtil; +import org.apache.ranger.common.RangerConfigUtil; +import org.apache.ranger.entity.XXDBBase; +import org.apache.ranger.entity.XXTagAttributeDef; +import org.apache.ranger.entity.XXTag; +import org.apache.ranger.plugin.model.RangerTag; +import org.apache.ranger.plugin.model.RangerTagDef; +import org.apache.ranger.plugin.store.PList; +import org.apache.ranger.plugin.util.SearchFilter; +import org.springframework.beans.factory.annotation.Autowired; + +public abstract class RangerTagServiceBase<T extends XXTag, V extends RangerTag> extends + RangerBaseModelService<T, V> { + + @Autowired + GUIDUtil guidUtil; + + @Autowired + RangerAuditFields<XXDBBase> rangerAuditFields; + + @Autowired + RangerConfigUtil configUtil; + + @Override + @SuppressWarnings("unchecked") + protected XXTag mapViewToEntityBean(RangerTag vObj, XXTag xObj, int OPERATION_CONTEXT) { + String guid = (StringUtils.isEmpty(vObj.getGuid())) ? guidUtil.genGUID() : vObj.getGuid(); + + xObj.setGuid(guid); + xObj.setVersion(vObj.getVersion()); + xObj.setIsEnabled(vObj.getIsEnabled()); + xObj.setName(vObj.getName()); + return xObj; + } + + @Override + @SuppressWarnings("unchecked") + protected RangerTag mapEntityToViewBean(RangerTag vObj, XXTag xObj) { + + vObj.setGuid(xObj.getGuid()); + vObj.setVersion(xObj.getVersion()); + vObj.setIsEnabled(xObj.getIsEnabled()); + vObj.setName(xObj.getName()); + + return vObj; + } + + /** + * @param xObj + * @return + */ + public RangerTagDef.RangerTagAttributeDef populateRangerTagAttributeDef(XXTagAttributeDef xObj) { + RangerTagDef.RangerTagAttributeDef attrDef = new RangerTagDef.RangerTagAttributeDef(); + attrDef.setName(xObj.getName()); + attrDef.setType(xObj.getType()); + return attrDef; + } + + @SuppressWarnings("unchecked") + public PList<RangerTag> searchRangerTags(SearchFilter searchFilter) { + PList<RangerTag> retList = new PList<RangerTag>(); + List<RangerTag> tagList = new ArrayList<RangerTag>(); + + List<XXTag> xTagList = (List<XXTag>) searchRangerObjects(searchFilter, searchFields, sortFields, (PList<V>) retList); + + for (XXTag xTag : xTagList) { + RangerTag tag = populateViewBean((T) xTag); + tagList.add(tag); + } + + retList.setList(tagList); + + return retList; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/83cb21e0/security-admin/src/main/java/org/apache/ranger/service/RangerTaggedResourceService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerTaggedResourceService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerTaggedResourceService.java index a0e7997..327a6b8 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerTaggedResourceService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerTaggedResourceService.java @@ -23,28 +23,28 @@ import org.apache.ranger.common.SearchField; import org.apache.ranger.common.SearchField.DATA_TYPE; import org.apache.ranger.common.SearchField.SEARCH_TYPE; import org.apache.ranger.entity.XXTaggedResource; -import org.apache.ranger.plugin.model.RangerTaggedResource; +import org.apache.ranger.plugin.model.RangerServiceResource; import org.apache.ranger.plugin.util.SearchFilter; import org.springframework.stereotype.Service; @Service -public class RangerTaggedResourceService extends RangerTaggedResourceServiceBase<XXTaggedResource, RangerTaggedResource> { +public class RangerTaggedResourceService extends RangerTaggedResourceServiceBase<XXTaggedResource, RangerServiceResource> { public RangerTaggedResourceService() { searchFields.add(new SearchField(SearchFilter.TAG_RESOURCE_ID, "obj.id", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL)); } @Override - protected void validateForCreate(RangerTaggedResource vObj) { + protected void validateForCreate(RangerServiceResource vObj) { } @Override - protected void validateForUpdate(RangerTaggedResource vObj, XXTaggedResource entityObj) { + protected void validateForUpdate(RangerServiceResource vObj, XXTaggedResource entityObj) { } - public RangerTaggedResource getPopulatedViewObjject(XXTaggedResource xObj) { + public RangerServiceResource getPopulatedViewObject(XXTaggedResource xObj) { return populateViewBean(xObj); }
