Posted to commits@ranger.apache.org by pr...@apache.org on 2021/12/03 03:54:51 UTC
[ranger] branch master updated: RANGER-3439: Add rest api to get or delete ranger policy based on guid
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 000e635 RANGER-3439: Add rest api to get or delete ranger policy based on guid
000e635 is described below
commit 000e6351ee4628979a20e2b72ac6f226e6dd1c0e
Author: pradeep <pr...@apache.org>
AuthorDate: Mon Nov 22 11:51:16 2021 +0530
RANGER-3439: Add rest api to get or delete ranger policy based on guid
---
.../java/org/apache/ranger/biz/ServiceDBStore.java | 4 ++--
.../java/org/apache/ranger/db/XXPolicyDao.java | 22 +++++++++++++----
.../java/org/apache/ranger/rest/PublicAPIsv2.java | 12 ++++++----
.../java/org/apache/ranger/rest/ServiceREST.java | 28 ++++++++++++----------
.../main/resources/META-INF/jpa_named_queries.xml | 8 +++++--
5 files changed, 50 insertions(+), 24 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 0f0291d..85adda5 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -2303,10 +2303,10 @@ public class ServiceDBStore extends AbstractServiceStore {
return policyService.read(id);
}
- public RangerPolicy getPolicy(String guid, String serviceName) throws Exception {
+ public RangerPolicy getPolicy(String guid, String serviceName, String zoneName) throws Exception {
RangerPolicy ret = null;
if (StringUtils.isNotBlank(guid) && StringUtils.isNotBlank(serviceName)) {
- XXPolicy xPolicy = daoMgr.getXXPolicy().findByPolicyGUIDAndServiceName(guid, serviceName);
+ XXPolicy xPolicy = daoMgr.getXXPolicy().findPolicyByGUIDAndServiceNameAndZoneName(guid, serviceName, zoneName);
if (xPolicy != null) {
ret = policyService.getPopulatedViewObject(xPolicy);
}
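Review bot: getPolicy gains a zoneName argument, but nothing at the method says what a null or blank value means, and the guard inside it still checks only guid and serviceName. Per the XXPolicyDao hunk in this commit, a blank zone is mapped to RANGER_UNZONED_SECURITY_ZONE_ID, so a caller that omits the zone no longer finds a policy that lives in a security zone. I would add a Javadoc line such as `@param zoneName security zone to search; null or blank restricts the lookup to unzoned policies`. The method body continues past the end of this hunk.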
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
index b068a06..4677c37 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
@@ -285,16 +285,30 @@ public class XXPolicyDao extends BaseDao<XXPolicy> {
return ret;
}
- public XXPolicy findByPolicyGUIDAndServiceName(String guid, String serviceName) {
- if (guid == null || serviceName == null) {
+ public XXPolicy findPolicyByGUIDAndServiceNameAndZoneName(String guid, String serviceName, String zoneName) {
+ if (guid == null || serviceName == null) {
return null;
}
+
try {
- XXPolicy xPol = getEntityManager().createNamedQuery("XXPolicy.findByGUIDAndServiceName", tClass).setParameter("guid", guid).setParameter("serviceName", serviceName).getSingleResult();
- return xPol;
+ if (zoneName == null || zoneName.trim().isEmpty()) {
+ return getEntityManager().createNamedQuery("XXPolicy.findPolicyByPolicyGUIDAndServiceName", tClass)
+ .setParameter("guid", guid)
+ .setParameter("serviceName", serviceName)
+ .setParameter("zoneId", RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID)
+ .getSingleResult();
+ } else {
+ return getEntityManager()
+ .createNamedQuery("XXPolicy.findPolicyByPolicyGUIDAndServiceNameAndZoneName", tClass)
+ .setParameter("guid", guid)
+ .setParameter("serviceName", serviceName)
+ .setParameter("zoneName", zoneName)
+ .getSingleResult();
+ }
} catch (NoResultException e) {
return null;
}
+
}
public List<XXPolicy> findByPolicyStatus(Boolean isPolicyEnabled) {
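Review bot: The blank test uses `zoneName.trim().isEmpty()` but the else branch binds the untrimmed value, so a zone name with leading or trailing whitespace is treated as a named zone and then fails to match. Binding the trimmed value, `.setParameter("zoneName", zoneName.trim())`, keeps the two branches consistent. Separately, only NoResultException is caught: if guid is not unique within a service and zone (not visible from this hunk), getSingleResult() raises NonUniqueResultException, which the REST layer's catch-all turns into a generic error. A short comment stating the uniqueness assumption, or an explicit catch that logs the duplicate, would make the intent clear.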
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
index 6ab3d52..204cadb 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
@@ -413,8 +413,10 @@ public class PublicAPIsv2 {
@GET
@Path("/api/policy/guid/{guid}")
@Produces({ "application/json", "application/xml" })
- public RangerPolicy getPolicyByGUIDAndServiceName(@PathParam("guid") String guid, @DefaultValue("") @QueryParam("serviceName") String serviceName) {
- return serviceREST.getPolicyByGUIDAndServiceName(guid, serviceName);
+ public RangerPolicy getPolicyByGUIDAndServiceNameAndZoneName(@PathParam("guid") String guid,
+ @DefaultValue("") @QueryParam("serviceName") String serviceName,
+ @DefaultValue("") @QueryParam("ZoneName") String zoneName) {
+ return serviceREST.getPolicyByGUIDAndServiceNameAndZoneName(guid, serviceName, zoneName);
}
@POST
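Review bot: The GET handler binds `@QueryParam("ZoneName")` with a capital Z, while the DELETE handler in the next hunk and both ServiceREST methods use `zoneName`. JAX-RS matches query parameter names case-sensitively, so `?zoneName=...` on this endpoint is ignored and the default "" is passed down. An administrator who checks a policy with GET and then deletes it with the same query string would therefore be shown the unzoned policy and remove the zoned one. The line should read `@DefaultValue("") @QueryParam("zoneName") String zoneName) {`.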
@@ -516,8 +518,10 @@ public class PublicAPIsv2 {
@DELETE
@Path("/api/policy/guid/{guid}")
@Produces({ "application/json", "application/xml" })
- public void deletePolicyByGUIDAndServiceName(@PathParam("guid") String guid, @DefaultValue("") @QueryParam("serviceName") String serviceName) {
- serviceREST.deletePolicyByGUIDAndServiceName(guid, serviceName);
+ public void deletePolicyByGUIDAndServiceNameAndZoneName(@PathParam("guid") String guid,
+ @DefaultValue("") @QueryParam("serviceName") String serviceName,
+ @DefaultValue("") @QueryParam("zoneName") String zoneName) {
+ serviceREST.deletePolicyByGUIDAndServiceNameAndZoneName(guid, serviceName, zoneName);
}
@GET
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 3ba2965..2f5fda2 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -3762,24 +3762,26 @@ public class ServiceREST {
@GET
@Path("/policies/guid/{guid}")
@Produces({ "application/json", "application/xml" })
- public RangerPolicy getPolicyByGUIDAndServiceName(@PathParam("guid") String guid, @DefaultValue("") @QueryParam("serviceName") String serviceName) {
+ public RangerPolicy getPolicyByGUIDAndServiceNameAndZoneName(@PathParam("guid") String guid,
+ @DefaultValue("") @QueryParam("serviceName") String serviceName,
+ @DefaultValue("") @QueryParam("zoneName") String zoneName) {
if (LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceREST.getPolicyByGUIDAndServiceName(" + guid + ", " + serviceName + ")");
+ LOG.debug("==> ServiceREST.getPolicyByGUIDAndServiceNameAndZoneName(" + guid + ", " + serviceName + ", " + zoneName + ")");
}
RangerPolicy ret = null;
RangerPerfTracer perf = null;
try {
if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
- perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicyByGUIDAndServiceName(policyGUID=" + guid + ", serviceName="+ serviceName + ")");
+ perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicyByGUIDAndServiceNameAndZoneName(policyGUID=" + guid + ", serviceName="+ serviceName + ", zoneName="+ zoneName + ")");
}
- ret = svcStore.getPolicy(guid, serviceName);
+ ret = svcStore.getPolicy(guid, serviceName, zoneName);
if (ret != null) {
ensureAdminAndAuditAccess(ret);
}
} catch (WebApplicationException excp) {
throw excp;
} catch (Throwable excp) {
- LOG.error("getPolicyByGUIDAndServiceName(" + guid + "," + serviceName + ") failed", excp);
+ LOG.error("getPolicyByGUIDAndServiceNameAndZoneName(" + guid + "," + serviceName + ", " + zoneName + ") failed", excp);
throw restErrorUtil.createRESTException(excp.getMessage());
} finally {
RangerPerfTracer.log(perf);
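Review bot: zoneName comes straight from the query string and is concatenated into the LOG.debug, perf-tracer and LOG.error messages without any neutralisation, so line breaks in the parameter can produce forged entries in the admin log. guid and serviceName were already logged this way; the commit extends the pattern to a third request value, here and in the two later ServiceREST hunks. Either validate the value against the characters allowed in a zone name before use, or strip line breaks before logging, e.g. `String zoneForLog = zoneName == null ? null : zoneName.replaceAll("[\\r\\n]", "_");`. The method body continues past the end of this hunk.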
@@ -3788,7 +3790,7 @@ public class ServiceREST {
throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
}
if (LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceREST.getPolicyByGUIDAndServiceName(" + guid + ", " + serviceName + "): " + ret);
+ LOG.debug("<== ServiceREST.getPolicyByGUIDAndServiceNameAndZoneName(" + guid + ", " + serviceName + ", " + zoneName +"): " + ret);
}
return ret;
}
@@ -3796,30 +3798,32 @@ public class ServiceREST {
@DELETE
@Path("/policies/guid/{guid}")
@Produces({ "application/json", "application/xml" })
- public void deletePolicyByGUIDAndServiceName(@PathParam("guid") String guid, @DefaultValue("") @QueryParam("serviceName") String serviceName) {
+ public void deletePolicyByGUIDAndServiceNameAndZoneName(@PathParam("guid") String guid,
+ @DefaultValue("") @QueryParam("serviceName") String serviceName,
+ @DefaultValue("") @QueryParam("zoneName") String zoneName) {
if (LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceREST.deletePolicyByGUIDAndServiceName(" + guid + ", " + serviceName + ")");
+ LOG.debug("==> ServiceREST.deletePolicyByGUIDAndServiceNameAndZoneName(" + guid + ", " + serviceName + ", " + zoneName +")");
}
RangerPolicy ret = null;
RangerPerfTracer perf = null;
try {
if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
- perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deletePolicyByGUIDAndServiceName(policyGUID=" + guid + ", serviceName="+ serviceName + ")");
+ perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deletePolicyByGUIDAndServiceNameAndZoneName(policyGUID=" + guid + ", serviceName="+ serviceName + ", zoneName="+ zoneName +")");
}
- ret = getPolicyByGUIDAndServiceName(guid, serviceName);
+ ret = getPolicyByGUIDAndServiceNameAndZoneName(guid, serviceName, zoneName);
if (ret != null) {
deletePolicy(ret.getId());
}
} catch (WebApplicationException excp) {
throw excp;
} catch (Throwable excp) {
- LOG.error("deletePolicyByGUIDAndServiceName(" + guid + "," + serviceName + ") failed", excp);
+ LOG.error("deletePolicyByGUIDAndServiceNameAndZoneName(" + guid + "," + serviceName + ", " + zoneName + ") failed", excp);
throw restErrorUtil.createRESTException(excp.getMessage());
} finally {
RangerPerfTracer.log(perf);
}
if (LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceREST.deletePolicyByGUIDAndServiceName(" + guid + ", " + serviceName + ")");
+ LOG.debug("<== ServiceREST.deletePolicyByGUIDAndServiceNameAndZoneName(" + guid + ", " + serviceName + ", " + zoneName +")");
}
}
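Review bot: The delete handler resolves its target by calling the GET resource method, so the only access check visible on this path is that method's `ensureAdminAndAuditAccess(ret)`. Whether that check also admits read-only audit roles cannot be told from this hunk, which means the write-permission check rests entirely on `deletePolicy(ret.getId())`. Please confirm that deletePolicy enforces delete rights on the resolved policy and, once confirmed, record it in a comment such as `// delete authorization is enforced inside deletePolicy(Long)`. The lookup also appears to throw 404 when nothing matches, so `if (ret != null)` looks always true here. Omitting zoneName now limits the delete to unzoned policies, which deserves a line in the API documentation.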
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index 8225e30..539d600 100755
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -393,8 +393,12 @@
<query>select obj from XXPolicy obj where obj.id in (select item.policyId from XXPolicyItem item) </query>
</named-query>
- <named-query name="XXPolicy.findByGUIDAndServiceName">
- <query>select obj from XXPolicy obj, XXService svc where obj.guid = :guid and obj.service = svc.id and svc.name = :serviceName</query>
+ <named-query name="XXPolicy.findPolicyByPolicyGUIDAndServiceName">
+ <query>select obj from XXPolicy obj, XXService svc where obj.guid = :guid and obj.service = svc.id and svc.name = :serviceName and obj.zoneId = :zoneId</query>
+ </named-query>
+
+ <named-query name="XXPolicy.findPolicyByPolicyGUIDAndServiceNameAndZoneName">
+ <query>select obj from XXPolicy obj, XXService svc, XXSecurityZone zone where obj.guid = :guid and obj.service = svc.id and svc.name = :serviceName and obj.zoneId = zone.id and zone.name = :zoneName</query>
</named-query>
<!-- XXServiceDef -->