You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ab...@apache.org on 2020/04/30 21:45:23 UTC
[ranger] branch master updated: RANGER-2814: RangerServiceResource signature should not include service-specific information

This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 91a00f4  RANGER-2814: RangerServiceResource signature should not include service-specific information
91a00f4 is described below

commit 91a00f42062bfe01600fd477a4d57d5b1a6b8b06
Author: Abhay Kulkarni <ab...@apache.org>
AuthorDate: Thu Apr 30 14:32:30 2020 -0700

    RANGER-2814: RangerServiceResource signature should not include service-specific information
---
 .../store/RangerServiceResourceSignature.java      |   2 +-
 .../optimized/current/ranger_core_db_mysql.sql     |   1 +
 .../optimized/current/ranger_core_db_oracle.sql    |   1 +
 .../optimized/current/ranger_core_db_postgres.sql  |   1 +
 .../current/ranger_core_db_sqlanywhere.sql         |   2 +
 .../optimized/current/ranger_core_db_sqlserver.sql |   1 +
 ...chForMigratingRangerServiceResource_J10037.java | 202 +++++++++++++++++++++
 7 files changed, 209 insertions(+), 1 deletion(-)

diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/RangerServiceResourceSignature.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/RangerServiceResourceSignature.java
index eb9a9d2..d7fedf0 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/RangerServiceResourceSignature.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/RangerServiceResourceSignature.java
@@ -57,7 +57,7 @@ public class RangerServiceResourceSignature {
 				resources.put(resourceName, resourceView);
 			}
 			String resourcesAsString = resources.toString();
-			return String.format("{version=%d,service=%s,resource=%s}", _SignatureVersion, serviceResource.getServiceName(), resourcesAsString);
+			return String.format("{version=%d,resource=%s}", _SignatureVersion, resourcesAsString);
 		}
 
 		static class ResourceSerializer {
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 320ab6d..4bd242a 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1755,4 +1755,5 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10034',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10035',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10036',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10037',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index fbf91d8..719a83c 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -1930,5 +1930,6 @@ INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,act
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10034',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10035',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10036',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10037',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 commit;
diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index 74c7ffc..71930f2 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -1878,6 +1878,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10034',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10035',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10036',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10037',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 
 DROP VIEW IF EXISTS vx_trx_log;
diff --git a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index 4715584..388a700 100644
--- a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++ b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -2273,6 +2273,8 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 GO
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10036',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10037',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+GO
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
 exit
diff --git a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index 1a966da..3f9e47b 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -3961,6 +3961,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10034',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10035',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10036',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10037',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
 CREATE VIEW [dbo].[vx_trx_log] AS
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingRangerServiceResource_J10037.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingRangerServiceResource_J10037.java
new file mode 100644
index 0000000..985f5e1
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForMigratingRangerServiceResource_J10037.java
@@ -0,0 +1,202 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *	 http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Consolidates Ranger policy details into a JSON string and stores it into a
+ * column in x_policy table After running this patch Ranger policy can be
+ * completely read/saved into x_policy table and some related Ref tables (which
+ * maintain ID->String mapping for each policy).
+ *
+ */
+
+package org.apache.ranger.patch;
+
+import java.util.List;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXService;
+import org.apache.ranger.entity.XXServiceResource;
+import org.apache.ranger.plugin.model.RangerServiceResource;
+import org.apache.ranger.plugin.store.RangerServiceResourceSignature;
+import org.apache.ranger.service.RangerServiceResourceService;
+import org.apache.ranger.util.CLIUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.PlatformTransactionManager;
+import org.springframework.transaction.TransactionDefinition;
+import org.springframework.transaction.TransactionStatus;
+import org.springframework.transaction.support.TransactionCallback;
+import org.springframework.transaction.support.TransactionTemplate;
+
+@Component
+public class PatchForMigratingRangerServiceResource_J10037 extends BaseLoader {
+
+	private static final Logger logger = Logger.getLogger(PatchForMigratingRangerServiceResource_J10037.class);
+
+	@Autowired
+	RangerDaoManager daoMgr;
+
+	@Autowired
+	@Qualifier(value = "transactionManager")
+	PlatformTransactionManager txManager;
+
+	@Autowired
+	RangerServiceResourceService serviceResourceService;
+
+	public static void main(String[] args) {
+		logger.info("main() starts");
+		try {
+			PatchForMigratingRangerServiceResource_J10037 loader = (PatchForMigratingRangerServiceResource_J10037) CLIUtil
+					.getBean(PatchForMigratingRangerServiceResource_J10037.class);
+
+			loader.init();
+
+			while (loader.isMoreToProcess()) {
+				loader.load();
+			}
+
+			logger.info("Load complete. Exiting!!!");
+
+			System.exit(0);
+		} catch (Exception e) {
+			logger.error("Error loading", e);
+			System.exit(1);
+		}
+	}
+
+	@Override
+	public void init() throws Exception {
+		// Do Nothing
+	}
+
+	@Override
+	public void execLoad() {
+		logger.info("==> PatchForMigratingRangerServiceResource.execLoad()");
+
+		try {
+			updateRangerServiceResourceSignature();
+		} catch (Exception e) {
+			logger.error("Error while updateRangerServiceResourceSignature()", e);
+			System.exit(1);
+		}
+
+		logger.info("<== PatchForMigratingRangerServiceResource.execLoad()");
+	}
+
+	@Override
+	public void printStats() {
+		logger.info(" Updating Ranger Service Resource signature ");
+	}
+
+	private void updateRangerServiceResourceSignature() throws Exception {
+		logger.info("==> updateRangerServiceResourceSignature() start ");
+
+		List<XXService> allServices = daoMgr.getXXService().getAll();
+
+		if (CollectionUtils.isNotEmpty(allServices)) {
+
+			for (XXService xService : allServices) {
+				logger.info("processing ranger service: " + xService);
+
+				List<String> serviceResourceGuids = daoMgr.getXXServiceResource().findServiceResourceGuidsInServiceId(xService.getId());
+
+				if (CollectionUtils.isNotEmpty(serviceResourceGuids)) {
+
+					TransactionTemplate txTemplate = new TransactionTemplate(txManager);
+
+					int chunkSize   = 1000; // hardcoded
+					int numOfChunks = (serviceResourceGuids.size() / chunkSize) + 1;
+
+					for (int chunkIndex = 0; chunkIndex < numOfChunks; chunkIndex++) {
+						List<String> chunk = serviceResourceGuids.subList(chunkIndex * chunkSize, (chunkIndex == numOfChunks -1 ? serviceResourceGuids.size() : (chunkIndex + 1) * chunkSize));
+
+						ServiceResourceUpdaterThread updaterThread = new ServiceResourceUpdaterThread(txTemplate, chunk);
+
+						String errorMsg = runThread(updaterThread);
+
+						if (StringUtils.isNotEmpty(errorMsg)) {
+							throw new Exception(errorMsg);
+						}
+					}
+				} else {
+					logger.info("No Ranger service resource found for service : " + xService.getDisplayName());
+				}
+			}
+		} else {
+			logger.info("No Ranger service found");
+		}
+
+		logger.info("<== updateRangerServiceResourceSgnature() end");
+	}
+
+	private String runThread(ServiceResourceUpdaterThread updaterThread) throws Exception {
+		updaterThread.setDaemon(true);
+		updaterThread.start();
+		updaterThread.join();
+		return updaterThread.getErrorMsg();
+	}
+
+	private class ServiceResourceUpdaterThread extends Thread {
+		final TransactionTemplate     txTemplate;
+		final List<String>            entityGuids;
+		String                        errorMsg;
+
+		ServiceResourceUpdaterThread(TransactionTemplate txTemplate, final List<String> entityGuids) {
+			this.txTemplate  = txTemplate;
+			this.entityGuids = entityGuids;
+			this.errorMsg    = null;
+		}
+
+		public String getErrorMsg() {
+			return errorMsg;
+		}
+
+		@Override
+		public void run() {
+			txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW);
+
+			errorMsg = txTemplate.execute(new TransactionCallback<String>() {
+				@Override
+				public String doInTransaction(TransactionStatus status) {
+					String ret = null;
+					try {
+						if (CollectionUtils.isNotEmpty(entityGuids)) {
+							for (String entityGuid : entityGuids) {
+								XXServiceResource              entityObject = daoMgr.getXXServiceResource().findByGuid(entityGuid);
+								RangerServiceResource          viewObject   = serviceResourceService.getPopulatedViewObject(entityObject);
+								RangerServiceResourceSignature serializer   = new RangerServiceResourceSignature(viewObject);
+
+								entityObject.setResourceSignature(serializer.getSignature());
+
+								daoMgr.getXXServiceResource().update(entityObject);
+							}
+						}
+					} catch (Throwable e) {
+						logger.error("signature update  failed :[rangerServiceResource=" + entityGuids + "]", e);
+						ret = e.toString();
+					}
+					return ret;
+				}
+			});
+		}
+	}
+
+}