Posted to commits@ranger.apache.org by ma...@apache.org on 2015/04/13 04:45:16 UTC
incubator-ranger git commit: RANGER-391: ServiceDBStore to preserve
the order of resources/users/groups
Repository: incubator-ranger
Updated Branches:
refs/heads/master a93ac46d6 -> fabc9e205
RANGER-391: ServiceDBStore to preserve the order of resources/users/groups
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/fabc9e20
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/fabc9e20
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/fabc9e20
Branch: refs/heads/master
Commit: fabc9e2059f748585799d85eecf012c2fdc22145
Parents: a93ac46
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Sat Apr 11 22:37:05 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Apr 11 22:37:05 2015 -0700
----------------------------------------------------------------------
.../org/apache/ranger/biz/ServiceDBStore.java | 57 ++++++++++---
.../org/apache/ranger/common/ServiceUtil.java | 86 +++++++++++++++++++-
.../resources/META-INF/jpa_named_queries.xml | 44 +++++-----
3 files changed, 151 insertions(+), 36 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fabc9e20/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index fd9c95b..7da3d8b 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -248,30 +248,39 @@ public class ServiceDBStore extends AbstractServiceStore {
XXServiceDef createdSvcDef = daoMgr.getXXServiceDef().getById(serviceDefId);
XXServiceConfigDefDao xxServiceConfigDao = daoMgr.getXXServiceConfigDef();
- for(RangerServiceConfigDef config : configs) {
+ for(int i = 0; i < configs.size(); i++) {
+ RangerServiceConfigDef config = configs.get(i);
+
XXServiceConfigDef xConfig = new XXServiceConfigDef();
xConfig = serviceDefService.populateRangerServiceConfigDefToXX(config, xConfig, createdSvcDef,
RangerServiceDefService.OPERATION_CREATE_CONTEXT);
+ xConfig.setOrder(i);
xConfig = xxServiceConfigDao.create(xConfig);
}
XXResourceDefDao xxResDefDao = daoMgr.getXXResourceDef();
- for(RangerResourceDef resource : resources) {
+ for(int i = 0; i < resources.size(); i++) {
+ RangerResourceDef resource = resources.get(i);
+
XXResourceDef parent = xxResDefDao.findByNameAndServiceDefId(resource.getParent(), serviceDefId);
Long parentId = (parent != null) ? parent.getId() : null;
XXResourceDef xResource = new XXResourceDef();
xResource = serviceDefService.populateRangerResourceDefToXX(resource, xResource, createdSvcDef,
RangerServiceDefService.OPERATION_CREATE_CONTEXT);
+ xResource.setOrder(i);
xResource.setParent(parentId);
xResource = xxResDefDao.create(xResource);
}
XXAccessTypeDefDao xxATDDao = daoMgr.getXXAccessTypeDef();
- for(RangerAccessTypeDef accessType : accessTypes) {
+ for(int i = 0; i < accessTypes.size(); i++) {
+ RangerAccessTypeDef accessType = accessTypes.get(i);
+
XXAccessTypeDef xAccessType = new XXAccessTypeDef();
xAccessType = serviceDefService.populateRangerAccessTypeDefToXX(accessType, xAccessType, createdSvcDef,
RangerServiceDefService.OPERATION_CREATE_CONTEXT);
+ xAccessType.setOrder(i);
xAccessType = xxATDDao.create(xAccessType);
Collection<String> impliedGrants = accessType.getImpliedGrants();
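Review bot: The three `setOrder(i)` calls run after the `populate…ToXX` helpers, so the list position silently replaces any order value the helper may have copied from the model. A short comment above each would make that intent explicit, for example `// persisted order = position in the incoming list; read back via "order by obj.order"`. The loops also switch to `configs.get(i)`, `resources.get(i)` and `accessTypes.get(i)`, which is linear per call if a caller ever passes a linked list; keeping the for-each with a counter (`int order = 0;` … `xConfig.setOrder(order++);`) avoids depending on the list implementation. The same pattern repeats in the later hunks of this file, and the enclosing method starts and ends outside this hunk.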
@@ -285,20 +294,26 @@ public class ServiceDBStore extends AbstractServiceStore {
}
XXPolicyConditionDefDao xxPolCondDao = daoMgr.getXXPolicyConditionDef();
- for (RangerPolicyConditionDef policyCondition : policyConditions) {
+ for (int i = 0; i < policyConditions.size(); i++) {
+ RangerPolicyConditionDef policyCondition = policyConditions.get(i);
+
XXPolicyConditionDef xPolicyCondition = new XXPolicyConditionDef();
xPolicyCondition = serviceDefService
.populateRangerPolicyConditionDefToXX(policyCondition,
xPolicyCondition, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
+ xPolicyCondition.setOrder(i);
xPolicyCondition = xxPolCondDao.create(xPolicyCondition);
}
XXContextEnricherDefDao xxContextEnricherDao = daoMgr.getXXContextEnricherDef();
- for (RangerContextEnricherDef contextEnricher : contextEnrichers) {
+ for (int i = 0; i < contextEnrichers.size(); i++) {
+ RangerContextEnricherDef contextEnricher = contextEnrichers.get(i);
+
XXContextEnricherDef xContextEnricher = new XXContextEnricherDef();
xContextEnricher = serviceDefService
.populateRangerContextEnricherDefToXX(contextEnricher,
xContextEnricher, createdSvcDef, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
+ xContextEnricher.setOrder(i);
xContextEnricher = xxContextEnricherDao.create(xContextEnricher);
}
@@ -310,9 +325,12 @@ public class ServiceDBStore extends AbstractServiceStore {
List<RangerEnumElementDef> elements = vEnum.getElements();
XXEnumElementDefDao xxEnumEleDefDao = daoMgr.getXXEnumElementDef();
- for(RangerEnumElementDef element : elements) {
+ for(int i = 0; i < elements.size(); i++) {
+ RangerEnumElementDef element = elements.get(i);
+
XXEnumElementDef xElement = new XXEnumElementDef();
xElement = serviceDefService.populateRangerEnumElementDefToXX(element, xElement, xEnum, RangerServiceDefService.OPERATION_CREATE_CONTEXT);
+ xElement.setOrder(i);
xElement = xxEnumEleDefDao.create(xElement);
}
}
@@ -1140,16 +1158,19 @@ public class ServiceDBStore extends AbstractServiceStore {
private void createNewPolicyItemsForPolicy(RangerPolicy policy, XXPolicy xPolicy, List<RangerPolicyItem> policyItems, XXServiceDef xServiceDef) {
- for (RangerPolicyItem policyItem : policyItems) {
+ for (int itemOrder = 0; itemOrder < policyItems.size(); itemOrder++) {
+ RangerPolicyItem policyItem = policyItems.get(itemOrder);
XXPolicyItem xPolicyItem = new XXPolicyItem();
xPolicyItem = (XXPolicyItem) rangerAuditFields.populateAuditFields(
xPolicyItem, xPolicy);
xPolicyItem.setDelegateAdmin(policyItem.getDelegateAdmin());
xPolicyItem.setPolicyId(policy.getId());
+ xPolicyItem.setOrder(itemOrder);
xPolicyItem = daoMgr.getXXPolicyItem().create(xPolicyItem);
List<RangerPolicyItemAccess> accesses = policyItem.getAccesses();
- for (RangerPolicyItemAccess access : accesses) {
+ for (int i = 0; i < accesses.size(); i++) {
+ RangerPolicyItemAccess access = accesses.get(i);
XXAccessTypeDef xAccTypeDef = daoMgr.getXXAccessTypeDef()
.findByNameAndServiceId(access.getType(),
@@ -1166,11 +1187,14 @@ public class ServiceDBStore extends AbstractServiceStore {
xPolItemAcc.setType(xAccTypeDef.getId());
xPolItemAcc.setPolicyitemid(xPolicyItem.getId());
+ xPolItemAcc.setOrder(i);
xPolItemAcc = daoMgr.getXXPolicyItemAccess()
.create(xPolItemAcc);
}
List<String> users = policyItem.getUsers();
- for(String user : users) {
+ for(int i = 0; i < users.size(); i++) {
+ String user = users.get(i);
+
XXUser xUser = daoMgr.getXXUser().findByUserName(user);
if(xUser == null) {
LOG.info("User does not exists with username: "
@@ -1181,11 +1205,14 @@ public class ServiceDBStore extends AbstractServiceStore {
xUserPerm = (XXPolicyItemUserPerm) rangerAuditFields.populateAuditFields(xUserPerm, xPolicyItem);
xUserPerm.setUserId(xUser.getId());
xUserPerm.setPolicyItemId(xPolicyItem.getId());
+ xUserPerm.setOrder(i);
xUserPerm = daoMgr.getXXPolicyItemUserPerm().create(xUserPerm);
}
List<String> groups = policyItem.getGroups();
- for(String group : groups) {
+ for(int i = 0; i < groups.size(); i++) {
+ String group = groups.get(i);
+
XXGroup xGrp = daoMgr.getXXGroup().findByGroupName(group);
if(xGrp == null) {
LOG.info("Group does not exists with groupName: "
@@ -1196,6 +1223,7 @@ public class ServiceDBStore extends AbstractServiceStore {
xGrpPerm = (XXPolicyItemGroupPerm) rangerAuditFields.populateAuditFields(xGrpPerm, xPolicyItem);
xGrpPerm.setGroupId(xGrp.getId());
xGrpPerm.setPolicyItemId(xPolicyItem.getId());
+ xGrpPerm.setOrder(i);
xGrpPerm = daoMgr.getXXPolicyItemGroupPerm().create(xGrpPerm);
}
@@ -1212,12 +1240,14 @@ public class ServiceDBStore extends AbstractServiceStore {
continue;
}
- for(String value : condition.getValues()) {
+ for(int i = 0; i < condition.getValues().size(); i++) {
+ String value = condition.getValues().get(i);
XXPolicyItemCondition xPolItemCond = new XXPolicyItemCondition();
xPolItemCond = (XXPolicyItemCondition) rangerAuditFields.populateAuditFields(xPolItemCond, xPolicyItem);
xPolItemCond.setPolicyItemId(xPolicyItem.getId());
xPolItemCond.setType(xPolCond.getId());
xPolItemCond.setValue(value);
+ xPolItemCond.setOrder(i);
xPolItemCond = daoMgr.getXXPolicyItemCondition().create(xPolItemCond);
}
}
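Review bot: The index `i` restarts at 0 for each condition, since this loop appears to sit inside an outer loop over the item's conditions (the `continue` above it). `XXPolicyItemCondition` rows for different conditions of one policy item can therefore carry the same order value, and `XXPolicyItemCondition.findByPolicyItemId … order by obj.order` cannot sequence them deterministically on its own. If the reader regroups by type this is probably harmless, but a comment such as `// order is the value's position within this condition, not within the policy item` would remove the ambiguity. `condition.getValues()` is also evaluated twice per iteration; `List<String> values = condition.getValues();` before the loop reads better. The enclosing loop begins outside this hunk.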
@@ -1247,11 +1277,12 @@ public class ServiceDBStore extends AbstractServiceStore {
xPolRes = daoMgr.getXXPolicyResource().create(xPolRes);
List<String> values = policyRes.getValues();
- for (String value : values) {
+ for(int i = 0; i < values.size(); i++) {
XXPolicyResourceMap xPolResMap = new XXPolicyResourceMap();
xPolResMap = (XXPolicyResourceMap) rangerAuditFields.populateAuditFields(xPolResMap, xPolRes);
xPolResMap.setResourceId(xPolRes.getId());
- xPolResMap.setValue(value);
+ xPolResMap.setValue(values.get(i));
+ xPolResMap.setOrder(i);
xPolResMap = daoMgr.getXXPolicyResourceMap().create(xPolResMap);
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fabc9e20/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
index 19d320c..e13dea2 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/ServiceUtil.java
@@ -44,6 +44,7 @@ import org.apache.ranger.entity.XXUser;
import org.apache.ranger.plugin.model.RangerBaseModelObject;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
@@ -322,6 +323,7 @@ public class ServiceUtil {
ret.setServices(resString);
}
}
+ updateResourceName(ret);
List<VXPermMap> permMapList = getVXPermMapList(policy);
@@ -486,7 +488,89 @@ public class ServiceUtil {
}
return ret;
}
-
+
+ private void updateResourceName(VXResource resource) {
+ if(resource == null) {
+ return;
+ }
+
+ StringBuilder sb = new StringBuilder();
+
+ switch(resource.getAssetType()) {
+ case RangerCommonEnums.ASSET_HDFS:
+ sb.append(emptyIfNull(resource.getName()));
+ break;
+
+ case RangerCommonEnums.ASSET_HBASE:
+ {
+ String tables = emptyIfNull(resource.getTables());
+ String columnFamilies = emptyIfNull(resource.getColumnFamilies());
+ String columns = emptyIfNull(resource.getColumns());
+
+ for(String column : columns.split(",")) {
+ for(String columnFamily : columnFamilies.split(",")) {
+ for(String table : tables.split(",")) {
+ if(sb.length() > 0) {
+ sb.append(",");
+ }
+
+ sb.append("/").append(table).append("/").append(columnFamily).append("/").append(column);
+ }
+ }
+ }
+ }
+ break;
+
+ case RangerCommonEnums.ASSET_HIVE:
+ {
+ String databases = emptyIfNull(resource.getDatabases());
+ String tables = emptyIfNull(resource.getTables());
+ String columns = emptyIfNull(resource.getColumns());
+
+ for(String column : columns.split(",")) {
+ for(String table : tables.split(",")) {
+ for(String database : databases.split(",")) {
+ if(sb.length() > 0) {
+ sb.append(",");
+ }
+
+ sb.append("/").append(database).append(table).append("/").append("/").append(column);
+ }
+ }
+ }
+ }
+ break;
+
+ case RangerCommonEnums.ASSET_KNOX:
+ {
+ String topologies = emptyIfNull(resource.getTopologies());
+ String services = emptyIfNull(resource.getServices());
+
+ for(String service : services.split(",")) {
+ for(String topology : topologies.split(",")) {
+ if(sb.length() > 0) {
+ sb.append(",");
+ }
+
+ sb.append("/").append(topology).append(service);
+ }
+ }
+ }
+ break;
+
+ case RangerCommonEnums.ASSET_STORM:
+ sb.append(emptyIfNull(resource.getTopologies()));
+ break;
+ }
+
+ if(sb.length() > 0) {
+ resource.setName(sb.toString());
+ }
+ }
+
+ private String emptyIfNull(String str) {
+ return str == null ? "" : str;
+ }
private String getResourceString(List<String> values) {
String ret = null;
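Review bot: The Hive and Knox branches of `updateResourceName` build their paths with misplaced separators. The Hive line `append("/").append(database).append(table).append("/").append("/").append(column)` yields `/dbtable//col`, and the Knox line `append("/").append(topology).append(service)` puts nothing between topology and service, whereas the HBase branch emits `/table/columnFamily/column`. Assuming the same shape is intended, they should read `sb.append("/").append(database).append("/").append(table).append("/").append(column);` and `sb.append("/").append(topology).append("/").append(service);`. Since `resource.setName` overwrites the policy resource's name with this string, a malformed value makes the policy harder to audit. Separately, `"".split(",")` returns one empty element, so a resource whose fields are all null still gets a name such as `///`.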
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/fabc9e20/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index dc46fa2..b16635f 100644
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -190,16 +190,16 @@
<!-- XXPolicyItem -->
<named-query name="XXPolicyItem.findByPolicyId">
- <query>select obj from XXPolicyItem obj where obj.policyId = :policyId</query>
+ <query>select obj from XXPolicyItem obj where obj.policyId = :policyId order by obj.order</query>
</named-query>
<!-- XXPolicy -->
<named-query name="XXPolicy.findByNameAndServiceId">
- <query>select obj from XXPolicy obj where obj.name = :polName and obj.service = :serviceId</query>
+ <query>select obj from XXPolicy obj where obj.name = :polName and obj.service = :serviceId order by obj.id</query>
</named-query>
<named-query name="XXPolicy.findByServiceId">
- <query>select obj from XXPolicy obj where obj.service = :serviceId</query>
+ <query>select obj from XXPolicy obj where obj.service = :serviceId order by obj.id</query>
</named-query>
<named-query name="XXPolicy.getMaxIdOfXXPolicy">
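Review bot: `order by obj.order` alone leaves the result sequence undefined for rows that share an order value. That includes any `XXPolicyItem` rows whose order was never populated, for example rows stored before this change, if such rows exist. Adding the primary key as a tie-breaker, `order by obj.order, obj.id`, keeps the listing stable in that case. The same applies to the other `order by obj.order` queries in the later hunks of this file.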
@@ -217,23 +217,23 @@
<!-- XXResourceDef -->
<named-query name="XXResourceDef.findByNameAndDefId">
- <query>select obj from XXResourceDef obj where obj.name = :name and obj.defId = :defId</query>
+ <query>select obj from XXResourceDef obj where obj.name = :name and obj.defId = :defId order by obj.level</query>
</named-query>
<named-query name="XXResourceDef.findByServiceDefId">
- <query>select obj from XXResourceDef obj where obj.defId = :serviceDefId</query>
+ <query>select obj from XXResourceDef obj where obj.defId = :serviceDefId order by obj.level</query>
</named-query>
<named-query name="XXResourceDef.findByPolicyId">
<query>select obj from XXResourceDef obj, XXPolicy xPol, XXServiceDef xSvcDef,
XXService xSvc where obj.defId = xSvcDef.id and xSvcDef.id = xSvc.type
- and xSvc.id = xPol.service and xPol.id = :policyId</query>
+ and xSvc.id = xPol.service and xPol.id = :policyId order by obj.level</query>
</named-query>
<named-query name="XXResourceDef.findByNameAndPolicyId">
<query>select obj from XXResourceDef obj, XXPolicy xPol, XXServiceDef xSvcDef,
XXService xSvc where obj.defId = xSvcDef.id and xSvcDef.id = xSvc.type
- and xSvc.id = xPol.service and xPol.id = :policyId and obj.name = :name</query>
+ and xSvc.id = xPol.service and xPol.id = :policyId and obj.name = :name order by obj.level</query>
</named-query>
<!-- XXAccessTypeDefGrants -->
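Review bot: The four `XXResourceDef` queries sort by `obj.level`, while the ServiceDBStore change in this commit stores the list position with `xResource.setOrder(i)`; none of the queries shown here read that stored value. Resource definitions that share a level would therefore come back in an unspecified order. If the incoming list order is meant to be preserved, `order by obj.level, obj.order` would do it, assuming the entity field is named `order` as on the other entities.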
@@ -243,17 +243,17 @@
<!-- XXEnumElementDef -->
<named-query name="XXEnumElementDef.findByEnumDefId">
- <query>select obj from XXEnumElementDef obj where obj.enumDefId = :enumDefId</query>
+ <query>select obj from XXEnumElementDef obj where obj.enumDefId = :enumDefId order by obj.order</query>
</named-query>
<!-- XXServiceConfigDef -->
<named-query name="XXServiceConfigDef.findByServiceDefId">
- <query>select obj from XXServiceConfigDef obj where obj.defId = :serviceDefId</query>
+ <query>select obj from XXServiceConfigDef obj where obj.defId = :serviceDefId order by obj.order</query>
</named-query>
<named-query name="XXServiceConfigDef.findByServiceDefName">
<query>select obj from XXServiceConfigDef obj, XXServiceDef svcDef
- where obj.defId = svcDef.id and svcDef.name = :serviceDef</query>
+ where obj.defId = svcDef.id and svcDef.name = :serviceDef order by obj.order</query>
</named-query>
@@ -273,28 +273,28 @@
</named-query>
<named-query name="XXPolicyConditionDef.findByServiceDefIdAndName">
- <query>select obj from XXPolicyConditionDef obj where obj.defId = :serviceDefId and obj.name = :name</query>
+ <query>select obj from XXPolicyConditionDef obj where obj.defId = :serviceDefId and obj.name = :name order by obj.order</query>
</named-query>
<named-query name="XXPolicyConditionDef.findByPolicyItemId">
<query>select obj from XXPolicyConditionDef obj, XXPolicyItemCondition xPolItemCond
- where xPolItemCond.policyItemId = :polItemId and obj.id = xPolItemCond.type</query>
+ where xPolItemCond.policyItemId = :polItemId and obj.id = xPolItemCond.type order by obj.order</query>
</named-query>
<named-query name="XXPolicyConditionDef.findByPolicyItemIdAndName">
<query>select obj from XXPolicyConditionDef obj, XXPolicyItemCondition xPolItemCond
where xPolItemCond.policyItemId = :polItemId and obj.name = :name
- and obj.id = xPolItemCond.type
+ and obj.id = xPolItemCond.type order by obj.order
</query>
</named-query>
<!-- XXContextEnricherDef -->
<named-query name="XXContextEnricherDef.findByServiceDefId">
- <query>select obj from XXContextEnricherDef obj where obj.defId = :serviceDefId</query>
+ <query>select obj from XXContextEnricherDef obj where obj.defId = :serviceDefId order by obj.order</query>
</named-query>
<named-query name="XXContextEnricherDef.findByServiceDefIdAndName">
- <query>select obj from XXContextEnricherDef obj where obj.defId = :serviceDefId and obj.name = :name</query>
+ <query>select obj from XXContextEnricherDef obj where obj.defId = :serviceDefId and obj.name = :name order by obj.order</query>
</named-query>
@@ -334,32 +334,32 @@
<!-- XXPolicyResourceMap -->
<named-query name="XXPolicyResourceMap.findByPolicyResId">
- <query>select obj from XXPolicyResourceMap obj where obj.resourceId = :polResId</query>
+ <query>select obj from XXPolicyResourceMap obj where obj.resourceId = :polResId order by obj.order</query>
</named-query>
<!-- XXPolicyItemAccess -->
<named-query name="XXPolicyItemAccess.findByPolicyItemId">
- <query>select obj from XXPolicyItemAccess obj where obj.policyItemId = :polItemId</query>
+ <query>select obj from XXPolicyItemAccess obj where obj.policyItemId = :polItemId order by obj.order</query>
</named-query>
<!-- XXPolicyItemCondition -->
<named-query name="XXPolicyItemCondition.findByPolicyItemId">
- <query>select obj from XXPolicyItemCondition obj where obj.policyItemId = :polItemId </query>
+ <query>select obj from XXPolicyItemCondition obj where obj.policyItemId = :polItemId order by obj.order</query>
</named-query>
<named-query name="XXPolicyItemCondition.findByPolicyItemAndDefId">
<query>select obj from XXPolicyItemCondition obj where
- obj.policyItemId = :polItemId and obj.type = :polCondDefId</query>
+ obj.policyItemId = :polItemId and obj.type = :polCondDefId order by obj.order</query>
</named-query>
<!-- XXPolicyItemGroupPerm -->
<named-query name="XXPolicyItemGroupPerm.findByPolicyItemId">
- <query>select obj from XXPolicyItemGroupPerm obj where obj.policyItemId = :polItemId</query>
+ <query>select obj from XXPolicyItemGroupPerm obj where obj.policyItemId = :polItemId order by obj.order</query>
</named-query>
<!-- XXPolicyItemUserPerm -->
<named-query name="XXPolicyItemUserPerm.findByPolicyItemId">
- <query>select obj from XXPolicyItemUserPerm obj where obj.policyItemId = :polItemId</query>
+ <query>select obj from XXPolicyItemUserPerm obj where obj.policyItemId = :polItemId order by obj.order</query>
</named-query>
<!-- XXDataHist -->
@@ -482,4 +482,4 @@
xpu.id=:userId and gmp.isAllowed=:isAllowed
</query>
</named-query>
-</entity-mappings>
\ No newline at end of file
+</entity-mappings>