You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/05/02 03:02:54 UTC
[2/2] incubator-ranger git commit: RANGER-446: Updated legacy Public
API to skip services and policies of new service-types. Unused code removed
in AssetMgr.
RANGER-446: Updated legacy Public API to skip services and policies of new service-types. Unused code removed in AssetMgr.
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/dbc489a7
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/dbc489a7
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/dbc489a7
Branch: refs/heads/master
Commit: dbc489a7ffd8e95b7d067a5dea836d840dee9209
Parents: 9adfcbe
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Wed Apr 29 09:26:54 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Fri May 1 17:43:18 2015 -0700
----------------------------------------------------------------------
.../java/org/apache/ranger/biz/AssetMgr.java | 1965 +-----------------
.../org/apache/ranger/biz/AssetMgrBase.java | 74 +-
.../org/apache/ranger/common/ServiceUtil.java | 195 +-
.../java/org/apache/ranger/rest/PublicAPIs.java | 48 +-
.../org/apache/ranger/biz/TestAssetMgr.java | 735 -------
.../org/apache/ranger/rest/TestPublicAPIs.java | 246 ---
6 files changed, 161 insertions(+), 3102 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/dbc489a7/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
index ecb3541..acd6336 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
@@ -23,12 +23,10 @@ import java.io.File;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
-import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
-import java.util.Random;
import java.util.Set;
import javax.naming.InvalidNameException;
@@ -36,27 +34,19 @@ import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.ranger.common.AppConstants;
-import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.common.DateUtil;
import org.apache.ranger.common.JSONUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.RangerCommonEnums;
-import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.common.StringUtil;
-import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.db.RangerDaoManager;
-import org.apache.ranger.entity.XXAsset;
-import org.apache.ranger.entity.XXGroup;
import org.apache.ranger.entity.XXPermMap;
import org.apache.ranger.entity.XXPolicyExportAudit;
import org.apache.ranger.entity.XXPortalUser;
-import org.apache.ranger.entity.XXPortalUserRole;
-import org.apache.ranger.entity.XXResource;
import org.apache.ranger.entity.XXTrxLog;
import org.apache.ranger.entity.XXUser;
import org.apache.ranger.service.XAccessAuditService;
@@ -132,531 +122,6 @@ public class AssetMgr extends AssetMgrBase {
static Logger logger = Logger.getLogger(AssetMgr.class);
- @Override
- public VXResource createXResource(VXResource vXResource) {
- UserSessionBase session = ContextUtil.getCurrentUserSession();
- if (session == null) {
- logger.error("Trying to create/update policy without log-in.");
- throw restErrorUtil.create403RESTException("Resource "
- + "creation/updation not allowed");
- }
-
- Long assetId = vXResource.getAssetId();
- XXAsset xAsset = rangerDaoManager.getXXAsset().getById(assetId);
- if (xAsset == null) {
- logger.error("Repository not found for assetId : " + assetId);
- throw restErrorUtil.create403RESTException("Repository for which"
- + " the policy is created, doesn't exist.");
- }
-
- if(xAsset.getActiveStatus()==RangerCommonEnums.ACT_STATUS_DISABLED){
- if(!session.isUserAdmin()){
- logger.error("Trying to create/update policy in disabled repository");
- throw restErrorUtil.createRESTException("Resource "
- + "creation/updation not allowed in disabled repository",MessageEnums.OPER_NO_PERMISSION);
- }
- }
- // Create resource path for HIVE/Hbase policy.
- if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
- createResourcePathForHive(vXResource);
- } else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
- createResourcePathForHbase(vXResource);
- }else if (xAsset.getAssetType() == AppConstants.ASSET_KNOX) {
- createResourcePathForKnox(vXResource);
- }else if (xAsset.getAssetType() == AppConstants.ASSET_STORM) {
- createResourcePathForStorm(vXResource);
- }
-
- String resourceName = vXResource.getName();
- String[] orgResNameList = stringUtil.split(resourceName, ",");
- List<String> newResNameList = new ArrayList<String>();
- for(String resName : orgResNameList) {
- if(resName.length() > 1 && (resName.substring(resName.length()-1).equalsIgnoreCase("/"))) {
- resName = resName.substring(0, resName.length()-1);
- newResNameList.add(resName);
- logger.info("Resource Name is not valid : " +resName + " Ignoring last /");
- } else {
- newResNameList.add(resName);
- }
- }
- String updResName = StringUtils.join(newResNameList, ",");
- vXResource.setName(updResName);
-
- SearchCriteria searchCriteria=new SearchCriteria();
- searchCriteria.getParamList().put("assetId", vXResource.getAssetId());
- searchCriteria.getParamList().put("fullname", vXResource.getName());
-
- if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
- if(stringUtil.isEmpty(vXResource.getUdfs())) {
- searchCriteria.addParam("tableType", vXResource.getTableType());
- searchCriteria.addParam("columnType", vXResource.getColumnType());
- } else {
- searchCriteria.addParam("udfs", vXResource.getUdfs());
- }
- } else if (xAsset.getAssetType() == AppConstants.ASSET_HDFS) {
- searchCriteria.addParam("isRecursive", vXResource.getIsRecursive());
- }
-
- VXResourceList vXResourceList=xResourceService.searchXResources(searchCriteria);
- if(vXResourceList!=null && vXResourceList.getListSize()>0){
- logger.error("policy already exist with resource "+vXResource.getName());
- throw restErrorUtil.createRESTException("policy already exist with resource "
- +vXResource.getName(),MessageEnums.ERROR_DUPLICATE_OBJECT);
- }
-
- VXResponse vXResponse = xaBizUtil.hasPermission(vXResource,
- AppConstants.XA_PERM_TYPE_ADMIN);
- if (vXResponse.getStatusCode() == VXResponse.STATUS_ERROR) {
- throw restErrorUtil.createRESTException(vXResponse);
- }
-
- if (vXResource.getCheckParentPermission() != RangerConstants.BOOL_FALSE) {
- // check parent access for user and group
- xResourceService.checkAccess(vXResource);
- }
- vXResourceList=null;
- if(vXResource.getPolicyName()!=null && !vXResource.getPolicyName().trim().isEmpty()){
- searchCriteria=new SearchCriteria();
- searchCriteria.getParamList().put("fullPolicyName", vXResource.getPolicyName());
- vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);
- //if policyname already exist then set null to generate from system
- if(vXResourceList!=null && vXResourceList.getListSize()>0){
- logger.error("policy already exist with name "+vXResource.getPolicyName());
- //logger.info("A system generated policy name shall be assigned to "+vXResource.getPolicyName());
- //vXResource.setPolicyName(null);
- throw restErrorUtil.createRESTException("policy already exist with name "
- +vXResource.getPolicyName(),MessageEnums.ERROR_DUPLICATE_OBJECT);
- }
- }
-
- int tempPoliciesCount=0;
- String tempPolicyName=null;
- vXResourceList=null;
- if(vXResource.getPolicyName()==null ||vXResource.getPolicyName().trim().isEmpty()){
- searchCriteria=new SearchCriteria();
- searchCriteria.getParamList().put("assetId", vXResource.getAssetId());
- vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);
- if(vXResourceList!=null && vXResourceList.getListSize()>0){
- tempPoliciesCount=vXResourceList.getListSize();
- }
- vXResourceList=null;
- while(true){
- tempPoliciesCount++;
- tempPolicyName=xAsset.getName()+"-"+tempPoliciesCount+"-"+DateUtil.dateToString(DateUtil.getUTCDate(),"yyyyMMddHHmmss");
- vXResource.setPolicyName(tempPolicyName);
- searchCriteria=new SearchCriteria();
- searchCriteria.getParamList().put("policyName", vXResource.getPolicyName());
- vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);
- //if policy name not exist then list will be empty and generated policyname will valid
- if(vXResourceList==null|| vXResourceList.getListSize()==0){
- break;
- }
- }
- }
-
-
- vXResource = xResourceService.createResource(vXResource);
-
- List<VXPermMap> permMapList = vXResource.getPermMapList();
- List<VXAuditMap> auditMapList = vXResource.getAuditList();
-
- List<XXTrxLog> trxLogList = xResourceService.getTransactionLog(
- vXResource, "create");
- for (VXPermMap vXPermMap : permMapList) {
- trxLogList.addAll(xPermMapService.getTransactionLog(vXPermMap,
- "create"));
- }
- for (VXAuditMap vXAuditMap : auditMapList) {
- trxLogList.addAll(xAuditMapService.getTransactionLog(vXAuditMap,
- "create"));
- }
-
- xaBizUtil.createTrxLog(trxLogList);
-
- return vXResource;
- }
-
- @Override
- public VXResource updateXResource(VXResource vXResource) {
-
- UserSessionBase currentUserSession = ContextUtil
- .getCurrentUserSession();
- if (currentUserSession == null) {
- throw restErrorUtil.createRESTException("Resource updation not "
- + "allowed",MessageEnums.OPER_NO_PERMISSION);
- }
-
- if (vXResource == null) {
- return null;
- }
-
- Long assetId = vXResource.getAssetId();
- XXAsset xAsset = rangerDaoManager.getXXAsset().getById(assetId);
- if (xAsset == null) {
- throw restErrorUtil.createRESTException("The repository for which "
- + "you're updating policy, doesn't exist.",
- MessageEnums.INVALID_INPUT_DATA);
- }
-
- if(xAsset.getActiveStatus()==RangerCommonEnums.STATUS_DISABLED){
- if(!currentUserSession.isUserAdmin()){
- logger.error("Trying to update policy in disabled repository");
- throw restErrorUtil.createRESTException("Resource "
- + "updation not allowed in disabled repository",MessageEnums.OPER_NO_PERMISSION);
- }
- }
-
- if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
- createResourcePathForHive(vXResource);
- } else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
- createResourcePathForHbase(vXResource);
- }else if (xAsset.getAssetType() == AppConstants.ASSET_KNOX) {
- createResourcePathForKnox(vXResource);
- }else if (xAsset.getAssetType() == AppConstants.ASSET_STORM) {
- createResourcePathForStorm(vXResource);
- }
-
- SearchCriteria searchCriteria = new SearchCriteria();
- searchCriteria.getParamList().put("assetId", vXResource.getAssetId());
- searchCriteria.getParamList().put("fullname", vXResource.getName());
-
- if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
- if(stringUtil.isEmpty(vXResource.getUdfs())) {
- searchCriteria.addParam("tableType", vXResource.getTableType());
- searchCriteria.addParam("columnType", vXResource.getColumnType());
- } else {
- searchCriteria.addParam("udfs", vXResource.getUdfs());
- }
- } else if (xAsset.getAssetType() == AppConstants.ASSET_HDFS) {
- searchCriteria.addParam("isRecursive", vXResource.getIsRecursive());
- }
-
- VXResourceList vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);
- if(vXResourceList!=null && vXResourceList.getListSize()>0){
- if(vXResource!=null && vXResource.getId()!=null){
- for(VXResource vXResourceTemp :vXResourceList.getList()){
- if(vXResourceTemp!=null && !(vXResource.getId().equals(vXResourceTemp.getId()))){
- logger.error("policy already exists with name "+vXResource.getName());
- throw restErrorUtil.createRESTException("policy already exists with name "
- +vXResource.getName(),MessageEnums.ERROR_DUPLICATE_OBJECT);
- }
- }
- }
- }
-
- VXResponse vXResponse = xaBizUtil.hasPermission(vXResource,
- AppConstants.XA_PERM_TYPE_ADMIN);
- if (vXResponse.getStatusCode() == VXResponse.STATUS_ERROR) {
- throw restErrorUtil.createRESTException(vXResponse);
- }
-
- if (vXResource.getCheckParentPermission() != RangerConstants.BOOL_FALSE) {
- // check parent access for user and group
- xResourceService.checkAccess(vXResource);
- }
-
- //policyName creation and validation logic start here
- if(vXResource.getPolicyName()!=null && !vXResource.getPolicyName().trim().isEmpty()){
- searchCriteria=new SearchCriteria();
- searchCriteria.getParamList().put("fullPolicyName", vXResource.getPolicyName());
- vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);
- if(vXResourceList!=null && vXResourceList.getListSize()>0){
- if(vXResource!=null && vXResource.getId()!=null){
- for (VXResource newVXResource : vXResourceList.getList()) {
- if(newVXResource!=null && newVXResource.getId()!=null){
- if(!vXResource.getId().equals(newVXResource.getId()) && vXResource.getPolicyName().trim().equalsIgnoreCase((newVXResource.getPolicyName()!=null?newVXResource.getPolicyName().trim():newVXResource.getPolicyName()))){
- logger.error("policy already exists with name "+vXResource.getPolicyName());
-// logger.info("A system generated policy name shall be assigned to "+vXResource.getPolicyName());
-// vXResource.setPolicyName(null);
-// break;
- throw restErrorUtil.createRESTException("policy already exists with name "
- +vXResource.getPolicyName(),MessageEnums.ERROR_DUPLICATE_OBJECT);
- }
- }
- }
- }
- }
- }
-
- int tempPoliciesCount=0;
- int totalPoliciesCount=1;
- String tempPolicyName=null;
- vXResourceList=null;
- if(vXResource.getPolicyName()==null || vXResource.getPolicyName().trim().isEmpty()){
- searchCriteria=new SearchCriteria();
- searchCriteria.getParamList().put("assetId", vXResource.getAssetId());
- vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);
- if(vXResourceList!=null && vXResourceList.getListSize()>0){
- totalPoliciesCount=vXResourceList.getListSize();
- tempPoliciesCount++;
- for(VXResource newVXResource : vXResourceList.getList()) {
- if(newVXResource!=null && newVXResource.getId()!=null){
- if(vXResource.getId().equals(newVXResource.getId())){
- break;
- }
- }
- tempPoliciesCount++;
- }
- tempPolicyName=xAsset.getName()+"-"+tempPoliciesCount+"-"+DateUtil.dateToString(DateUtil.getUTCDate(),"yyyyMMddHHmmss");
- vXResource.setPolicyName(tempPolicyName);
- vXResourceList=null;
- }else{
- tempPoliciesCount++;
- tempPolicyName=xAsset.getName()+"-"+tempPoliciesCount+"-"+DateUtil.dateToString(DateUtil.getUTCDate(),"yyyyMMddHHmmss");
- vXResource.setPolicyName(tempPolicyName);
- }
- while(true){
- searchCriteria=new SearchCriteria();
- searchCriteria.getParamList().put("policyName", vXResource.getPolicyName());
- vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);
- if(vXResourceList==null || vXResourceList.getListSize()==0){
- break;
- }else{
- tempPolicyName=xAsset.getName()+"-"+totalPoliciesCount+"-"+DateUtil.dateToString(DateUtil.getUTCDate(),"yyyyMMddHHmmss");
- vXResource.setPolicyName(tempPolicyName);
- }
- }
-
- }
-
- //policyName creation and validation logic end here
-
- XXResource xResouce = rangerDaoManager.getXXResource().getById(
- vXResource.getId());
-
- List<XXTrxLog> trxLogList = xResourceService.getTransactionLog(
- vXResource, xResouce, "update");
-
- VXResource resource = super.updateXResource(vXResource);
-
- List<VXPermMap> newPermMapList = vXResource.getPermMapList();
- searchCriteria = new SearchCriteria();
- searchCriteria.addParam("resourceId", vXResource.getId());
- VXPermMapList prevPermMaps = xPermMapService
- .searchXPermMaps(searchCriteria);
- List<VXPermMap> prevPermMapList = new ArrayList<VXPermMap>();
- if (prevPermMaps != null) {
- prevPermMapList = prevPermMaps.getVXPermMaps();
- }
-
- List<VXPermMap> permMaps = new ArrayList<VXPermMap>();
- List<VXAuditMap> auditMaps = new ArrayList<VXAuditMap>();
-
- List<VXPermMap> permMapsToDelete = new ArrayList<VXPermMap>();
- List<VXAuditMap> auditMapsToDelete = new ArrayList<VXAuditMap>();
-
- // Create and update permissions
- if (newPermMapList != null) {
- for (VXPermMap newObj : newPermMapList) {
- if (newObj.getUserId() == null && newObj.getGroupId() == null
- && !stringUtil.isEmpty(newObj.getUserName())) {
- XXUser xxUser = rangerDaoManager.getXXUser().findByUserName(
- newObj.getUserName());
- if (xxUser != null) {
- newObj.setUserId(xxUser.getId());
- } else {
- VXUser vxUser = new VXUser();
- vxUser.setName(newObj.getUserName());
- vxUser.setDescription(newObj.getUserName());
- vxUser = xUserService.createResource(vxUser);
- newObj.setUserId(vxUser.getId());
- }
- }
- newObj.setResourceId(resource.getId());
- if (newObj.getId() != null) {
- /**
- * Considering the new objects won't have id however the
- * existing ones will have id.
- */
- for (VXPermMap oldObj : prevPermMapList) {
- if (oldObj.getId().equals(newObj.getId())) {
- if (oldObj.getPermType() != newObj.getPermType()) {
- // This should never be the case because we're
- // not supporting perm map update.
- // doNothing...
- logger.error(
- "Invalid use case: shouldn't be happening, need to debug.",
- new IllegalStateException());
- break;
- } else {
- xPermMapService.updateResource(newObj);
- trxLogList.addAll(xPermMapService
- .getTransactionLog(newObj, oldObj,
- "update"));
- }
- }
- }
- // newObj = xPermMapService.updateResource(newObj);
- } else {
- newObj = xPermMapService.createResource(newObj);
- trxLogList.addAll(xPermMapService.getTransactionLog(newObj,
- "create"));
- }
- permMaps.add(newObj);
- }
- }
-
- // Delete old removed permissions
- if (prevPermMapList != null) {
- for (VXPermMap oldObj : prevPermMapList) {
- boolean found = false;
- if (newPermMapList != null) {
- for (VXPermMap newObj : newPermMapList) {
- if (newObj.getId() != null
- && newObj.getId().equals(oldObj.getId())) {
- found = true;
- break;
- }
- }
- }
- if (!found) {
- trxLogList.addAll(xPermMapService.getTransactionLog(oldObj,
- "delete"));
- permMapsToDelete.add(oldObj);
- // xPermMapService.deleteResource(oldObj.getId());
- }
- }
- }
-
- List<VXAuditMap> newAuditMapList = vXResource.getAuditList();
- VXAuditMapList vXAuditMaps = xAuditMapService
- .searchXAuditMaps(searchCriteria);
- List<VXAuditMap> prevAuditMapList = new ArrayList<VXAuditMap>();
- if (vXAuditMaps != null && vXAuditMaps.getResultSize() != 0) {
- prevAuditMapList = vXAuditMaps.getList();
- }
-
- // Create and update permissions
- if (newAuditMapList != null) {
- for (VXAuditMap newObj : newAuditMapList) {
- if (newObj.getId() != null) {
- /**
- * Considering the new objects won't have id however the
- * existing ones will have id.
- */
- for (VXAuditMap oldObj : prevAuditMapList) {
- if (oldObj.getId().equals(newObj.getId())
- && oldObj.getAuditType() != newObj
- .getAuditType()) {
- // This should never be the case because we're not
- // supporting perm map update.
- // doNothing...
- logger.error(
- "Invalid use case: shouldn't be happening, need to debug.",
- new IllegalStateException());
- break;
- // } else {
- // trxLogList.addAll(xAuditMapService.getTransactionLog(newObj,
- // oldObj, "update"));
- }
- }
- // newObj = xAuditMapService.updateResource(newObj);
- } else {
- newObj = xAuditMapService.createResource(newObj);
- trxLogList.addAll(xAuditMapService.getTransactionLog(
- newObj, "create"));
- }
- auditMaps.add(newObj);
- }
- }
-
- // Delete old removed permissions
- if (prevAuditMapList != null) {
- for (VXAuditMap oldObj : prevAuditMapList) {
- boolean found = false;
- if (newAuditMapList != null) {
- for (VXAuditMap newObj : newAuditMapList) {
- if (newObj.getId() != null
- && newObj.getId().equals(oldObj.getId())) {
- found = true;
- break;
- }
- }
- }
-
- if (!found) {
- trxLogList.addAll(xAuditMapService.getTransactionLog(
- oldObj, "delete"));
- auditMapsToDelete.add(oldObj);
- // xAuditMapService.deleteResource(oldObj.getId());
- }
- }
- }
-
- xaBizUtil.createTrxLog(trxLogList);
-
- for (VXPermMap permMap : permMapsToDelete) {
- xPermMapService.deleteResource(permMap.getId());
- }
-
- for (VXAuditMap auditMap : auditMapsToDelete) {
- xAuditMapService.deleteResource(auditMap.getId());
- }
- resource.setPermMapList(permMaps);
- resource.setAuditList(auditMaps);
- return resource;
- }
-
- @Override
- public void deleteXResource(Long id, boolean force) {
-
- VXResource vResource = xResourceService.readResource(id);
- UserSessionBase currentUserSession = ContextUtil
- .getCurrentUserSession();
- if (currentUserSession == null) {
- throw restErrorUtil.createRESTException("Resource deletion not "
- + "allowed",MessageEnums.OPER_NO_PERMISSION);
- }
-
- Long assetId = vResource.getAssetId();
- XXAsset xAsset = rangerDaoManager.getXXAsset().getById(assetId);
- if (xAsset == null) {
- throw restErrorUtil.createRESTException("The repository for which "
- + "you're deleting policy, doesn't exist.",
- MessageEnums.INVALID_INPUT_DATA);
- }
-
- if(xAsset.getActiveStatus()==RangerCommonEnums.STATUS_DISABLED){
- if(!currentUserSession.isUserAdmin()){
- logger.error("Trying to delete policy in disabled repository");
- throw restErrorUtil.createRESTException("Resource "
- + "deletion not allowed in disabled repository",MessageEnums.OPER_NO_PERMISSION);
- }
- }
-
- SearchCriteria searchCriteria = new SearchCriteria();
- searchCriteria.addParam("resourceId", id);
-
- VXPermMapList permMaps = xPermMapService
- .searchXPermMaps(searchCriteria);
- VXAuditMapList vXAuditMapsList = xAuditMapService
- .searchXAuditMaps(searchCriteria);
-
- List<XXTrxLog> trxLogList = xResourceService.getTransactionLog(
- vResource, "delete");
-
- for (VXPermMap vxPermMap : permMaps.getVXPermMaps()) {
- trxLogList.addAll(xPermMapService.getTransactionLog(vxPermMap,
- "delete"));
- }
-
- for (VXAuditMap vXAuditMaps : vXAuditMapsList.getVXAuditMaps()) {
- trxLogList.addAll(xAuditMapService.getTransactionLog(vXAuditMaps,
- "delete"));
- }
-
- xaBizUtil.createTrxLog(trxLogList);
-
- for (VXPermMap vxPermMap : permMaps.getVXPermMaps()) {
- xPermMapService.deleteResource(vxPermMap.getId());
- }
-
- for (VXAuditMap vXAuditMaps : vXAuditMapsList.getVXAuditMaps()) {
- xAuditMapService.deleteResource(vXAuditMaps.getId());
- }
-
- xResourceService.deleteResource(id);
- }
public File getXResourceFile(Long id, String fileType) {
VXResource xResource = xResourceService.readResource(id);
@@ -1018,525 +483,57 @@ public class AssetMgr extends AssetMgrBase {
return updatedPolicyStr;
}
+ @SuppressWarnings("unchecked")
+ private HashMap<String, Object> populatePermMap(VXResource xResource,
+ HashMap<String, Object> resourceMap, int assetType) {
+ List<VXPermMap> xPermMapList = xResource.getPermMapList();
- @Override
- public VXAsset createXAsset(VXAsset vXAsset) {
- UserSessionBase usb = ContextUtil.getCurrentUserSession();
- if (usb != null && usb.isUserAdmin()) {
-
- String defaultConfig = vXAsset.getConfig();
- defaultConfig=xAssetService.getConfigWithEncryptedPassword(defaultConfig,false);
- vXAsset.setConfig(defaultConfig);
- VXAsset createdVXAsset = (VXAsset) xAssetService
- .createResource(vXAsset);
- String udpatedConfig = vXAsset.getConfig();
- createdVXAsset.setConfig(defaultConfig);
-
- createDefaultPolicy(createdVXAsset, vXAsset.getConfig());
- createDefaultUDFPolicy(createdVXAsset, vXAsset.getConfig());
- createdVXAsset.setConfig(udpatedConfig);
-
- List<XXTrxLog> trxLogList = xAssetService.getTransactionLog(
- createdVXAsset, "create");
- xaBizUtil.createTrxLog(trxLogList);
- return createdVXAsset;
- } else {
- logger.debug("User id : " + (usb != null ? usb.getUserId() : "<UNKNOWN>") + " doesn't have "
- + "admin access to create repository.");
-
- throw restErrorUtil
- .createRESTException(
- "Sorry, you don't have permission to perform the operation",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
-
- }
- }
-
- private void createDefaultPolicy(VXAsset vXAsset, String config) {
- int assetType = vXAsset.getAssetType();
-
- Map<String, String> configMap = jsonUtil.jsonToMap(config);
- String userName = stringUtil.getValidUserName(configMap.get("username"));
-
- VXResource vXResource = new VXResource();
- vXResource.setAssetId(vXAsset.getId());
- vXResource.setAssetName(vXAsset.getName());
- vXResource.setResourceStatus(AppConstants.STATUS_ENABLED);
- String tempPolicyName=vXAsset.getName()+"-"+1+"-"+DateUtil.dateToString(DateUtil.getUTCDate(),"yyyyMMddHHmmss");
- vXResource.setPolicyName(tempPolicyName);
- if (assetType == AppConstants.ASSET_HDFS) {
- vXResource.setName("/");
- vXResource.setIsRecursive(AppConstants.BOOL_TRUE);
- vXResource.setResourceType(AppConstants.RESOURCE_PATH);
- } else if (assetType == AppConstants.ASSET_HIVE) {
- vXResource.setDatabases("*");
- vXResource.setTables("*");
- vXResource.setColumns("*");
- vXResource.setName("/*/*/*");
- vXResource.setResourceType(AppConstants.RESOURCE_COLUMN);
- } else if (assetType == AppConstants.ASSET_HBASE) {
- vXResource.setTables("*");
- vXResource.setColumnFamilies("*");
- vXResource.setColumns("*");
- vXResource.setName("/*/*/*");
- vXResource.setResourceType(AppConstants.RESOURCE_COLUMN);
- } else if (assetType == AppConstants.ASSET_KNOX) {
- vXResource.setTopologies("*");
- vXResource.setServices("*");
- vXResource.setName("/*/*");
- vXResource.setResourceType(AppConstants.RESOURCE_SERVICE_NAME);
- } else if (assetType == AppConstants.ASSET_STORM) {
- vXResource.setTopologies("*");
- vXResource.setName("/*");
- vXResource.setResourceType(AppConstants.RESOURCE_TOPOLOGY);
- }
-
- vXResource = xResourceService.createResource(vXResource);
-
- if (userName != null && !userName.isEmpty()) {
- XXUser xxUser = rangerDaoManager.getXXUser().findByUserName(userName);
- VXUser vXUser;
- if (xxUser != null) {
- vXUser = xUserService.populateViewBean(xxUser);
- } else {
- vXUser = new VXUser();
- vXUser.setName(userName);
- vXUser.setUserSource(RangerCommonEnums.USER_EXTERNAL);
- vXUser=xUserMgr.createXUser(vXUser);
- //vXUser = xUserService.createResource(vXUser);
- }
-
- Random rand = new Random();
- String permGrp = new Date() + " : " + rand.nextInt(9999);
-
- VXPermMap vXPermMap = new VXPermMap();
- vXPermMap.setUserId(vXUser.getId());
- vXPermMap.setResourceId(vXResource.getId());
- vXPermMap.setPermGroup(permGrp);
- xPermMapService.createResource(vXPermMap);
-
- if (assetType == AppConstants.ASSET_KNOX) {
- String permGroup = new Date() + " : " + rand.nextInt(9999);
-
- VXPermMap permAdmin = new VXPermMap();
- permAdmin.setPermFor(AppConstants.XA_PERM_FOR_USER);
- permAdmin.setPermType(AppConstants.XA_PERM_TYPE_ADMIN);
- permAdmin.setUserId(vXUser.getId());
- permAdmin.setPermGroup(permGroup);
- permAdmin.setResourceId(vXResource.getId());
- xPermMapService.createResource(permAdmin);
-
- VXPermMap permAllow = new VXPermMap();
- permAllow.setPermFor(AppConstants.XA_PERM_FOR_USER);
- permAllow.setPermType(AppConstants.XA_PERM_TYPE_ALLOW);
- permAllow.setUserId(vXUser.getId());
- permAllow.setPermGroup(permGroup);
- permAllow.setResourceId(vXResource.getId());
- xPermMapService.createResource(permAllow);
- }
- }
-
- VXAuditMap vXAuditMap = new VXAuditMap();
- vXAuditMap.setAuditType(AppConstants.XA_AUDIT_TYPE_ALL);
- vXAuditMap.setResourceId(vXResource.getId());
- vXAuditMap = xAuditMapService.createResource(vXAuditMap);
- vXResource=xResourceService.readResource(vXResource.getId());
- List<VXPermMap> permMapList = vXResource.getPermMapList();
- List<VXAuditMap> auditMapList = vXResource.getAuditList();
-
- List<XXTrxLog> trxLogList = xResourceService.getTransactionLog(
- vXResource, "create");
- for (VXPermMap vXPermMap : permMapList) {
- trxLogList.addAll(xPermMapService.getTransactionLog(vXPermMap,
- "create"));
- }
- for (VXAuditMap vXAuditMapObj : auditMapList) {
- trxLogList.addAll(xAuditMapService.getTransactionLog(vXAuditMapObj,
- "create"));
+ Set<Long> groupList = new HashSet<Long>();
+ for (VXPermMap xPermMap : xPermMapList) {
+ groupList.add(xPermMap.getId());
}
- xaBizUtil.createTrxLog(trxLogList);
-
+ List<HashMap<String, Object>> sortedPermMapGroupList = new ArrayList<HashMap<String, Object>>();
- }
+ // Loop for adding group perms
+ for (VXPermMap xPermMap : xPermMapList) {
+ String groupKey = xPermMap.getPermGroup();
+ if (groupKey != null) {
+ boolean found = false;
+ for (HashMap<String, Object> sortedPermMap : sortedPermMapGroupList) {
+ if (sortedPermMap.containsValue(groupKey)) {
+ found = true;
- @Override
- public VXAsset updateXAsset(VXAsset vXAsset) {
- UserSessionBase usb = ContextUtil.getCurrentUserSession();
- if (usb != null && usb.isUserAdmin()) {
- String newConfig=vXAsset.getConfig();
- HashMap<String, String> configMap = (HashMap<String, String>) jsonUtil
- .jsonToMap(newConfig);
- String password = configMap.get("password");
- String hiddenPasswordString = PropertiesUtil.getProperty("ranger.password.hidden", "*****");
- if (password != null && !password.equals(hiddenPasswordString)) {
- String defaultConfig = vXAsset.getConfig();
- defaultConfig=xAssetService.getConfigWithEncryptedPassword(defaultConfig,true);
- vXAsset.setConfig(defaultConfig);
- }
- XXAsset xAsset = rangerDaoManager.getXXAsset()
- .getById(vXAsset.getId());
-
- if (xAsset.getActiveStatus() == RangerCommonEnums.STATUS_DELETED) {
- logger.error("Trying to update Asset which is soft deleted");
- throw restErrorUtil.createRESTException(
- "Repository that you want to update does not exist.",
- MessageEnums.DATA_NOT_FOUND, xAsset.getId(), null,
- "Repository not exist for this Id : " + xAsset.getId());
- }
-
- List<XXTrxLog> trxLogList = xAssetService.getTransactionLog(
- vXAsset, xAsset, "update");
- vXAsset = (VXAsset) xAssetService.updateResource(vXAsset);
- // update default policy permission and user
- updateDefaultPolicy(vXAsset, vXAsset.getConfig());
- // TODO : Log in transaction log table
- xaBizUtil.createTrxLog(trxLogList);
- return vXAsset;
- } else {
- throw restErrorUtil.createRESTException(
- "serverMsg.modelMgrBaseUpdateModel",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
- }
- }
+ Long groupId = xPermMap.getGroupId();
+ Long userId = xPermMap.getUserId();
- @Override
- public void deleteXAsset(Long id, boolean force) {
- UserSessionBase usb = ContextUtil.getCurrentUserSession();
- if (usb != null && usb.isUserAdmin() && force) {
- VXAsset vxAsset = xAssetService.readResource(id);
-
- if (vxAsset.getActiveStatus() == RangerCommonEnums.STATUS_DELETED) {
- logger.error("Trying to delete Asset which is already soft deleted");
- throw restErrorUtil.createRESTException(
- "Repository not found or its already deleted, for Id : "
- + id, MessageEnums.DATA_NOT_FOUND, id, null,
- "Repository not exist for this Id : " + id);
- }
-
- SearchCriteria searchCriteria = new SearchCriteria();
- searchCriteria.addParam("assetId", id);
- VXResourceList resources = searchXResources(searchCriteria);
- if (resources != null && resources.getResultSize() != 0) {
- for (VXResource resource : resources.getList()) {
- deleteXResource(resource.getId(), true);
- }
- }
- vxAsset.setActiveStatus(RangerCommonEnums.STATUS_DELETED);
- xAssetService.updateResource(vxAsset);
- List<XXTrxLog> trxLogList = xAssetService.getTransactionLog(
- vxAsset, "delete");
- xaBizUtil.createTrxLog(trxLogList);
- } else {
- throw restErrorUtil.createRESTException(
- "serverMsg.modelMgrBaseDeleteModel",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
- }
- }
+ if (groupId != null) {
+ Set<String> groups = (Set<String>) sortedPermMap.get("groups");
- private void createResourcePathForHive(VXResource vXResource) {
-
- String[] databases = (vXResource.getDatabases() == null || vXResource
- .getDatabases().equalsIgnoreCase("")) ? null : stringUtil
- .split(vXResource.getDatabases(), ",");
- String[] tables = (vXResource.getTables() == null || vXResource
- .getTables().equalsIgnoreCase("")) ? new String[0] : stringUtil.split(
- vXResource.getTables(), ",");
- String[] udfs = (vXResource.getUdfs() == null || vXResource.getUdfs()
- .equalsIgnoreCase("")) ? new String[0] : stringUtil.split(
- vXResource.getUdfs(), ",");
- String[] columns = (vXResource.getColumns() == null || vXResource
- .getColumns().equalsIgnoreCase("")) ? new String[0] : stringUtil.split(
- vXResource.getColumns(), ",");
-
- StringBuilder stringBuilder = new StringBuilder();
-
-// int resourceType = vXResource.getResourceType();
- int resourceType = xPolicyService.getResourceType(vXResource);
-
- if (databases == null) {
- logger.error("Invalid resources for hive policy.");
- throw restErrorUtil.createRESTException("Please provide the"
- + " valid resources.", MessageEnums.INVALID_INPUT_DATA);
- }
+ if(groups != null){
+ groups.add(xPermMap.getGroupName());
+ sortedPermMap.put("groups", groups);
+ }
+ } else if (userId != null) {
+ Set<String> users = (Set<String>) sortedPermMap.get("users");
- switch (resourceType) {
+ if (users != null) {
+ users.add(xPermMap.getUserName());
+ sortedPermMap.put("users", users);
+ }
+ }
- case AppConstants.RESOURCE_COLUMN:
- for (String column : columns) {
- for (String table : tables) {
- for (String database : databases) {
- stringBuilder.append("/" + database + "/" + table + "/"
- + column + ",");
+ Set<String> access = (Set<String>) sortedPermMap
+ .get("access");
+ String perm = AppConstants
+ .getLabelFor_XAPermType(xPermMap.getPermType());
+ access.add(perm);
+ sortedPermMap.put("access", access);
}
}
- }
- break;
-
- case AppConstants.RESOURCE_TABLE:
- for (String table : tables) {
- for (String database : databases) {
- stringBuilder.append("/" + database + "/" + table + ",");
- }
- }
- break;
-
- case AppConstants.RESOURCE_UDF:
- for (String udf : udfs) {
- for (String database : databases) {
- stringBuilder.append("/" + database + "/" + udf + ",");
- }
- }
-
- break;
-
- case AppConstants.RESOURCE_DB:
- for (String database : databases) {
- stringBuilder.append("/" + database + ",");
- }
- break;
-
- default:
- logger.error("Invalid resource type : " + resourceType
- + " for hive policy.");
- throw restErrorUtil.createRESTException("Please provide the"
- + " valid resource type.", MessageEnums.INVALID_INPUT_DATA);
- }
-
- int lastIndexOfSeperator = stringBuilder.lastIndexOf(",");
- if (lastIndexOfSeperator > 0) {
- String name = stringBuilder.substring(0,
- stringBuilder.lastIndexOf(","));
- vXResource.setName(name);
- } else {
- vXResource.setName(stringBuilder.toString());
- }
- }
-
- private void createResourcePathForHbase(VXResource vXResource) {
-
- String[] tables = (vXResource.getTables() == null || vXResource
- .getTables().equalsIgnoreCase("")) ? null : stringUtil.split(
- vXResource.getTables(), ",");
- String[] columnFamilies = (vXResource.getColumnFamilies() == null || vXResource
- .getColumnFamilies().equalsIgnoreCase("")) ? new String[0] : stringUtil
- .split(vXResource.getColumnFamilies(), ",");
- String[] columns = (vXResource.getColumns() == null || vXResource
- .getColumns().equalsIgnoreCase("")) ? new String[0] : stringUtil.split(
- vXResource.getColumns(), ",");
-
- StringBuilder stringBuilder = new StringBuilder();
-
-// int resourceType = vXResource.getResourceType();
- int resourceType = xPolicyService.getResourceType(vXResource);
-
- if (tables == null) {
- logger.error("Invalid resources for hbase policy.");
- throw restErrorUtil.createRESTException("Please provide the"
- + " valid resources.", MessageEnums.INVALID_INPUT_DATA);
- }
-
- switch (resourceType) {
-
- case AppConstants.RESOURCE_COLUMN:
- for (String column : columns) {
- for (String columnFamily : columnFamilies) {
- for (String table : tables) {
- stringBuilder.append("/" + table + "/" + columnFamily
- + "/" + column + ",");
- }
- }
- }
- break;
-
- case AppConstants.RESOURCE_COL_FAM:
- for (String columnFamily : columnFamilies) {
- for (String table : tables) {
- stringBuilder
- .append("/" + table + "/" + columnFamily + ",");
- }
- }
- break;
-
- case AppConstants.RESOURCE_TABLE:
- for (String table : tables) {
- stringBuilder.append("/" + table + ",");
- }
- break;
-
- default:
- logger.error("Invalid resource type : " + resourceType
- + " for hbase policy.");
- throw restErrorUtil.createRESTException("Please provide the"
- + " valid resource type.", MessageEnums.INVALID_INPUT_DATA);
- }
-
- int lastIndexOfSeperator = stringBuilder.lastIndexOf(",");
- if (lastIndexOfSeperator > 0) {
- String name = stringBuilder.substring(0,
- stringBuilder.lastIndexOf(","));
- vXResource.setName(name);
- } else {
- vXResource.setName(stringBuilder.toString());
- }
- }
- private void createResourcePathForKnox(VXResource vXResource) {
-
- String[] topologies = (vXResource.getTopologies() == null || vXResource
- .getTopologies().equalsIgnoreCase("")) ? null : stringUtil.split(
- vXResource.getTopologies(), ",");
- String[] serviceNames = (vXResource.getServices() == null || vXResource
- .getServices().equalsIgnoreCase("")) ? new String[0] : stringUtil
- .split(vXResource.getServices(), ",");
-
- StringBuilder stringBuilder = new StringBuilder();
-
-// int resourceType = vXResource.getResourceType();
- int resourceType = xPolicyService.getResourceType(vXResource);
-
- if (topologies == null) {
- logger.error("Invalid resources for knox policy.");
- throw restErrorUtil.createRESTException("Please provide the"
- + " valid resources.", MessageEnums.INVALID_INPUT_DATA);
- }
-
- switch (resourceType) {
-
- case AppConstants.RESOURCE_SERVICE_NAME:
- for (String serviceName : serviceNames) {
- for (String topology : topologies) {
- stringBuilder
- .append("/" + topology + "/" + serviceName + ",");
- }
- }
- break;
-
- case AppConstants.RESOURCE_TOPOLOGY:
- for (String topology : topologies) {
- stringBuilder.append("/" + topology + ",");
- }
- break;
-
- default:
- logger.error("Invalid resource type : " + resourceType
- + " for hbase policy.");
- throw restErrorUtil.createRESTException("Please provide the"
- + " valid resource type.", MessageEnums.INVALID_INPUT_DATA);
- }
-
- int lastIndexOfSeperator = stringBuilder.lastIndexOf(",");
- if (lastIndexOfSeperator > 0) {
- String name = stringBuilder.substring(0,
- stringBuilder.lastIndexOf(","));
- vXResource.setName(name);
- } else {
- vXResource.setName(stringBuilder.toString());
- }
- }
- private void createResourcePathForStorm(VXResource vXResource) {
-
- String[] topologies = (vXResource.getTopologies() == null || vXResource
- .getTopologies().equalsIgnoreCase("")) ? null : stringUtil.split(
- vXResource.getTopologies(), ",");
-
- String[] serviceNames = (vXResource.getServices() == null || vXResource
- .getServices().equalsIgnoreCase("")) ? new String[0] : stringUtil
- .split(vXResource.getServices(), ",");
-
- StringBuilder stringBuilder = new StringBuilder();
-
-// int resourceType = vXResource.getResourceType();
- int resourceType = xPolicyService.getResourceType(vXResource);
-
- if (topologies == null) {
- logger.error("Invalid resources for Storm policy.");
- throw restErrorUtil.createRESTException("Please provide the"
- + " valid resources.", MessageEnums.INVALID_INPUT_DATA);
- }
-
- switch (resourceType) {
-
- case AppConstants.RESOURCE_TOPOLOGY:
- for (String topology : topologies) {
- stringBuilder.append("/" + topology + ",");
- }
- break;
-
- case AppConstants.RESOURCE_SERVICE_NAME:
- for (String serviceName : serviceNames) {
- for (String topology : topologies) {
- stringBuilder.append("/" + topology + "/" + serviceName + ",");
- }
- }
- break;
-
- default:
- logger.error("Invalid resource type : " + resourceType
- + " for Storm policy.");
- throw restErrorUtil.createRESTException("Please provide the"
- + " valid resource type.", MessageEnums.INVALID_INPUT_DATA);
- }
-
- int lastIndexOfSeperator = stringBuilder.lastIndexOf(",");
- if (lastIndexOfSeperator > 0) {
- String name = stringBuilder.substring(0,
- stringBuilder.lastIndexOf(","));
- vXResource.setName(name);
- } else {
- vXResource.setName(stringBuilder.toString());
- }
- }
- @SuppressWarnings("unchecked")
- private HashMap<String, Object> populatePermMap(VXResource xResource,
- HashMap<String, Object> resourceMap, int assetType) {
- List<VXPermMap> xPermMapList = xResource.getPermMapList();
-
- Set<Long> groupList = new HashSet<Long>();
- for (VXPermMap xPermMap : xPermMapList) {
- groupList.add(xPermMap.getId());
- }
-
- List<HashMap<String, Object>> sortedPermMapGroupList = new ArrayList<HashMap<String, Object>>();
-
- // Loop for adding group perms
- for (VXPermMap xPermMap : xPermMapList) {
- String groupKey = xPermMap.getPermGroup();
- if (groupKey != null) {
- boolean found = false;
- for (HashMap<String, Object> sortedPermMap : sortedPermMapGroupList) {
- if (sortedPermMap.containsValue(groupKey)) {
- found = true;
-
- Long groupId = xPermMap.getGroupId();
- Long userId = xPermMap.getUserId();
-
- if (groupId != null) {
- Set<String> groups = (Set<String>) sortedPermMap.get("groups");
-
- if(groups != null){
- groups.add(xPermMap.getGroupName());
- sortedPermMap.put("groups", groups);
- }
- } else if (userId != null) {
- Set<String> users = (Set<String>) sortedPermMap.get("users");
-
- if (users != null) {
- users.add(xPermMap.getUserName());
- sortedPermMap.put("users", users);
- }
- }
-
- Set<String> access = (Set<String>) sortedPermMap
- .get("access");
- String perm = AppConstants
- .getLabelFor_XAPermType(xPermMap.getPermType());
- access.add(perm);
- sortedPermMap.put("access", access);
- }
- }
- if (!found) {
- HashMap<String, Object> sortedPermMap = new HashMap<String, Object>();
- sortedPermMap.put("groupKey", xPermMap.getPermGroup());
+ if (!found) {
+ HashMap<String, Object> sortedPermMap = new HashMap<String, Object>();
+ sortedPermMap.put("groupKey", xPermMap.getPermGroup());
Set<String> permSet = new HashSet<String>();
String perm = AppConstants.getLabelFor_XAPermType(xPermMap
@@ -1593,17 +590,6 @@ public class AssetMgr extends AssetMgrBase {
return "0"; // BOOL_FALSE
}
- public void updateDefaultPolicy(VXAsset vXAsset, String config) {
- int assetType = vXAsset.getAssetType();
- Map<String, String> configMap = jsonUtil.jsonToMap(config);
- String userName = stringUtil.getValidUserName(configMap.get("username"));
- VXResource vxResource = fetchDefaultPolicyForAsset(vXAsset.getId(),
- assetType);
- if (vxResource != null) {
- UpdateDefaultPolicyUserAndPerm(vxResource, userName);
- }
- }
-
public void UpdateDefaultPolicyUserAndPerm(VXResource vXResource,
String userName) {
if (userName != null && !userName.isEmpty()) {
@@ -1643,43 +629,6 @@ public class AssetMgr extends AssetMgrBase {
}
- public VXResource fetchDefaultPolicyForAsset(Long assetId, int assetType) {
- String resourceName = "";
- List<XXResource> xxResourceList = new ArrayList<XXResource>();
- if (assetType == AppConstants.ASSET_HDFS) {
- resourceName = "/*";
- xxResourceList = rangerDaoManager.getXXResource()
- .findByResourceNameAndAssetIdAndRecursiveFlag(resourceName,
- assetId, AppConstants.BOOL_TRUE);
- } else if (assetType == AppConstants.ASSET_HIVE) {
- resourceName = "/*/*/*";
- xxResourceList = rangerDaoManager.getXXResource()
- .findByResourceNameAndAssetIdAndResourceType(resourceName,
- assetId, AppConstants.RESOURCE_UNKNOWN);
- } else if (assetType == AppConstants.ASSET_HBASE) {
- resourceName = "/*/*/*";
- xxResourceList = rangerDaoManager.getXXResource()
- .findByResourceNameAndAssetIdAndResourceType(resourceName,
- assetId, AppConstants.RESOURCE_UNKNOWN);
- }
- if (xxResourceList == null) {
- return null;
- }
- XXResource xxResource = null;
- for (XXResource resource : xxResourceList) {
- if (resource.getName().equals(resourceName)) {
- xxResource = resource;
- break;
- }
- }
-
- if (xxResource != null) {
- return xResourceService.populateViewBean(xxResource);
- }
- return null;
-
- }
-
public XXPolicyExportAudit createPolicyAudit(
final XXPolicyExportAudit xXPolicyExportAudit) {
TransactionTemplate txTemplate = new TransactionTemplate(txManager);
@@ -1898,838 +847,4 @@ public class AssetMgr extends AssetMgrBase {
}
return xPolicyExportAuditService.searchXPolicyExportAudits(searchCriteria);
}
-
- public VXAsset getXAsset(Long id){
- UserSessionBase currentUserSession = ContextUtil
- .getCurrentUserSession();
- VXAsset vXAsset=null;
- if (currentUserSession.isUserAdmin()) {
- vXAsset = xAssetService.readResource(id);
- if (vXAsset.getActiveStatus() == RangerCommonEnums.STATUS_DELETED) {
- logger.error("Trying to read Asset which is soft deleted");
- throw restErrorUtil.createRESTException(
- "Repository not found for this Id : " + id,
- MessageEnums.DATA_NOT_FOUND, id, null,
- "Repository does not exist for this Id : " + id);
- }
- }else{
- XXAsset xXAsset=rangerDaoManager.getXXAsset().getById(id);
-
- if (xXAsset.getActiveStatus() == RangerCommonEnums.STATUS_DELETED) {
- logger.error("Trying to read Asset which is soft deleted");
- throw restErrorUtil.createRESTException(
- "Repository not found for this Id : " + id,
- MessageEnums.DATA_NOT_FOUND, id, null,
- "Repository does not exist for this Id : " + id);
- }
-
- vXAsset=xAssetService.populateViewBean(xXAsset);
- /*List<XXResource> xXResourceList=rangerDaoManager
- .getXXResource().findByAssetId(id);
- for (XXResource xXResource : xXResourceList) {
- VXResponse vXResponse = xaBizUtil.hasPermission(xResourceService.populateViewBean(xXResource),
- AppConstants.XA_PERM_TYPE_ADMIN);
- if(vXResponse.getStatusCode() == VXResponse.STATUS_SUCCESS){
- XXAsset xXAsset=rangerDaoManager.getXXAsset().getById(id);
- vXAsset=xAssetService.populateViewBean(xXAsset);
- break;
- }
- }*/
- }
- return vXAsset;
- }
-
- private void createDefaultUDFPolicy(VXAsset vXAsset, String config) {
- int assetType = vXAsset.getAssetType();
- if (assetType != AppConstants.ASSET_HIVE) {
- return ;
- }
- Map<String, String> configMap = jsonUtil.jsonToMap(config);
- String userName = stringUtil.getValidUserName(configMap.get("username"));
- VXResource vXResource = new VXResource();
- vXResource.setAssetId(vXAsset.getId());
- vXResource.setAssetName(vXAsset.getName());
- vXResource.setResourceStatus(AppConstants.STATUS_ENABLED);
- String tempPolicyName=vXAsset.getName()+"-"+2+"-"+DateUtil.dateToString(DateUtil.getUTCDate(),"yyyyMMddHHmmss");
- vXResource.setPolicyName(tempPolicyName);
- if (assetType == AppConstants.ASSET_HIVE) {
- vXResource.setDatabases("*");
- vXResource.setTables("");
- vXResource.setColumns("");
- vXResource.setUdfs("*");
- vXResource.setName("/*/*");
- vXResource.setResourceType(AppConstants.RESOURCE_UDF);
- }
- vXResource = xResourceService.createResource(vXResource);
- if (userName != null && !userName.isEmpty()) {
- XXUser xxUser = rangerDaoManager.getXXUser().findByUserName(userName);
- VXUser vXUser;
- if (xxUser != null) {
- vXUser = xUserService.populateViewBean(xxUser);
- } else {
- vXUser = new VXUser();
- vXUser.setName(userName);
- vXUser.setUserSource(RangerCommonEnums.USER_EXTERNAL);
- vXUser=xUserMgr.createXUser(vXUser);
- //vXUser = xUserService.createResource(vXUser);
- }
- Random rand = new Random();
- String permGrp = new Date() + " : " + rand.nextInt(9999);
-
- VXPermMap vXPermMap = new VXPermMap();
- vXPermMap.setUserId(vXUser.getId());
- vXPermMap.setResourceId(vXResource.getId());
- vXPermMap.setPermGroup(permGrp);
- xPermMapService.createResource(vXPermMap);
- }
- VXAuditMap vXAuditMap = new VXAuditMap();
- vXAuditMap.setAuditType(AppConstants.XA_AUDIT_TYPE_ALL);
- vXAuditMap.setResourceId(vXResource.getId());
- vXAuditMap = xAuditMapService.createResource(vXAuditMap);
- vXResource=xResourceService.readResource(vXResource.getId());
- List<VXPermMap> permMapList = vXResource.getPermMapList();
- List<VXAuditMap> auditMapList = vXResource.getAuditList();
- List<XXTrxLog> trxLogList = xResourceService.getTransactionLog(
- vXResource, "create");
- for (VXPermMap vXPermMap : permMapList) {
- trxLogList.addAll(xPermMapService.getTransactionLog(vXPermMap,
- "create"));
- }
- for (VXAuditMap vXAuditMapObj : auditMapList) {
- trxLogList.addAll(xAuditMapService.getTransactionLog(vXAuditMapObj,
- "create"));
- }
- xaBizUtil.createTrxLog(trxLogList);
- }
-
- public boolean isValidHttpsAuthentication(String repository,
- X509Certificate[] certchain, boolean httpEnabled,
- String ipAddress, boolean isSecure) {
- boolean isValidAuthentication=false;
- if (repository == null || repository.isEmpty()) {
- logger.error("Repository name not provided");
- throw restErrorUtil.createRESTException("Unauthorized access.",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
- }
- XXAsset xAsset = rangerDaoManager.getXXAsset().findByAssetName(repository);
- if(xAsset==null){
- logger.error("Requested repository not found");
- throw restErrorUtil.createRESTException("No Data Found.",
- MessageEnums.DATA_NOT_FOUND);
- }
- if(xAsset.getActiveStatus()==RangerCommonEnums.ACT_STATUS_DISABLED){
- logger.error("Requested repository is disabled");
- throw restErrorUtil.createRESTException("Unauthorized access.",
- MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
- }
- if (!httpEnabled) {
- if (!isSecure) {
- throw restErrorUtil.createRESTException("Unauthorized access -"
- + " only https allowed",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
- }
- if (certchain == null || certchain.length == 0) {
- throw restErrorUtil.createRESTException("Unauthorized access -"
- + " unable to get client certificate",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
- }
- }
- String commonName = null;
- if (certchain != null) {
- X509Certificate clientCert = certchain[0];
- String dn = clientCert.getSubjectX500Principal().getName();
- try {
- LdapName ln = new LdapName(dn);
- for (Rdn rdn : ln.getRdns()) {
- if (rdn.getType().equalsIgnoreCase("CN")) {
- commonName = rdn.getValue() + "";
- break;
- }
- }
- if (commonName == null) {
- throw restErrorUtil.createRESTException(
- "Unauthorized access - Unable to find Common Name from ["
- + dn + "]",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
- }
- } catch (InvalidNameException e) {
- logger.error("Invalid Common Name.", e);
- throw restErrorUtil.createRESTException(
- "Unauthorized access - Invalid Common Name",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
- }
- }
- if (commonName != null) {
- String config = xAsset.getConfig();
- Map<String, String> configMap = jsonUtil.jsonToMap(config);
- String cnFromConfig = configMap.get("commonNameForCertificate");
- if (cnFromConfig == null
- || !commonName.equalsIgnoreCase(cnFromConfig)) {
- throw restErrorUtil.createRESTException(
- "Unauthorized access. expected [" + cnFromConfig
- + "], found [" + commonName + "]",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
- }
- }
- isValidAuthentication=true;
- return isValidAuthentication;
- }
-
- public VXResource grantXResource(VXResource vXResource,VXPolicy vXPolicy) {
- if(vXResource==null){
- return vXResource;
- }
-
- //checks user exists or not
- XXUser xUser = rangerDaoManager.getXXUser().findByUserName(vXResource.getOwner());
- if(xUser==null){
- throw restErrorUtil.createRESTException("User " +vXResource.getOwner() + " is Not Found",
- MessageEnums.DATA_NOT_FOUND);
- }
- XXPortalUser xXPortalUser= rangerDaoManager.getXXPortalUser().findByLoginId(vXResource.getOwner());
- if(xXPortalUser==null){
- throw restErrorUtil.createRESTException("User " +vXResource.getOwner() + " is Not Found",
- MessageEnums.DATA_NOT_FOUND);
- }
- //checks repository exists or not
- XXAsset xAsset = rangerDaoManager.getXXAsset().findByAssetName(vXResource.getAssetName());
- if (xAsset == null) {
- logger.error("Repository not found for asset : " + vXResource.getAssetName());
- throw restErrorUtil.createRESTException("Repository for which"
- + " the policy is created, doesn't exist.",MessageEnums.DATA_NOT_FOUND);
- }
- //checks repository active or not
- if(xAsset.getActiveStatus()==RangerCommonEnums.ACT_STATUS_DISABLED){
- logger.error("Trying to create/update policy in disabled repository");
- throw restErrorUtil.createRESTException("Resource "
- + "creation/updation not allowed in disabled repository",MessageEnums.OPER_NO_PERMISSION);
-
- }
- vXResource.setAssetId(xAsset.getId());
- vXResource.setAssetType(xAsset.getAssetType());
- //create resource name/path for HIVE/Hbase policy.
- if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
- createResourcePathForHive(vXResource);
- vXResource.setIsRecursive(0);
- } else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
- createResourcePathForHbase(vXResource);
- vXResource.setIsRecursive(0);
- }else{
- logger.error("Invalid repository for grant operation" );
- throw restErrorUtil.createRESTException(vXResource.getAssetName() +" is not a "
- + " valid repository for grant operation",MessageEnums.OPER_NO_PERMISSION);
- }
-
- //check whether resource contains multiple path or not
- if(!stringUtil.isEmpty(vXResource.getName())){
- String[] resources=vXResource.getName().trim().split(",");
- if(resources!=null && resources.length>1){
- logger.error("More than one resource found for grant operation in policy : " + vXResource.getName());
- throw restErrorUtil.createRESTException("We did not find exact match for this resource : " + vXResource.getName(),MessageEnums.INVALID_INPUT_DATA);
- }
- }else{
- throw restErrorUtil.createRESTException("Invalid Resource Name : " + vXResource.getName(),MessageEnums.INVALID_INPUT_DATA);
- }
-
- //checks user is admin in resource or not
- List<XXResource> xResourceList=rangerDaoManager.getXXResource().findByAssetId(xAsset.getId());
- if(xResourceList!=null){
- boolean isAdmin=false;
- List<XXPortalUserRole> xXPortalUserRoleList = rangerDaoManager.getXXPortalUserRole().findByParentId(xXPortalUser.getId());
- if(xXPortalUserRoleList!=null && xXPortalUserRoleList.size()>0){
- for(XXPortalUserRole xXPortalUserRole: xXPortalUserRoleList){
- if(xXPortalUserRole.getUserRole().equalsIgnoreCase(RangerConstants.ROLE_SYS_ADMIN)){
- isAdmin=true;
- break;
- }
- }
- }
-
- if(!isAdmin){
- if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
- String[] requestResNameList = vXResource.getName().trim().split(",");
- if (stringUtil.isEmpty(vXResource.getUdfs())) {
- int reqTableType = vXResource.getTableType();
- int reqColumnType = vXResource.getColumnType();
- for (String resourceName : requestResNameList) {
- isAdmin=xaBizUtil.matchHivePolicy(resourceName,xResourceList, xUser.getId(),AppConstants.XA_PERM_TYPE_ADMIN,reqTableType,reqColumnType, false);
- if (isAdmin) {
- break;
- }
- }
- } else {
- for (String resourceName : requestResNameList) {
- isAdmin=xaBizUtil.matchHivePolicy(resourceName,xResourceList, xUser.getId(),AppConstants.XA_PERM_TYPE_ADMIN);
- if (isAdmin) {
- break;
- }
- }
- }
- }else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
- isAdmin=xaBizUtil.matchHbasePolicy(vXResource.getName(),xResourceList,null, xUser.getId(),AppConstants.XA_PERM_TYPE_ADMIN);
- }
- }
- if (!isAdmin) {
- throw restErrorUtil.createRESTException("You're not permitted to perform "
- + "grant operation for resource path : " + vXResource.getName(),MessageEnums.OPER_NO_PERMISSION);
- }
- }
- xResourceList=null;//explicit
- //check whether resource exist or not
- SearchCriteria searchCriteria=new SearchCriteria();
- if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
- searchCriteria.getParamList().put("assetId", vXResource.getAssetId());
- searchCriteria.getParamList().put("fullname", vXResource.getName());
- searchCriteria.getParamList().put("udfs", vXResource.getUdfs());
- searchCriteria.getParamList().put("tableType", vXResource.getTableType());
- searchCriteria.getParamList().put("columnType", vXResource.getColumnType());
- }else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
- searchCriteria.getParamList().put("assetId", vXResource.getAssetId());
- searchCriteria.getParamList().put("fullname", vXResource.getName());
- }
-
- VXResourceList vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);
- searchCriteria=null;
- //generate policy name if resource does not exist
- if(vXResourceList==null || vXResourceList.getListSize()==0){
- int tempPoliciesCount=0;
- String tempPolicyName=null;
- VXResourceList vXResourceListTemp=null;
- if(vXResource.getPolicyName()==null ||vXResource.getPolicyName().trim().isEmpty()){
- searchCriteria=new SearchCriteria();
- searchCriteria.getParamList().put("assetId", vXResource.getAssetId());
- vXResourceListTemp=xResourceService.searchXResourcesWithoutLogin(searchCriteria);
- if(vXResourceListTemp!=null && vXResourceListTemp.getListSize()>0){
- tempPoliciesCount=vXResourceListTemp.getListSize();
- }
- vXResourceListTemp=null;
- while(true){
- tempPoliciesCount++;
- tempPolicyName=xAsset.getName()+"-"+tempPoliciesCount+"-"+DateUtil.dateToString(DateUtil.getUTCDate(),"yyyyMMddHHmmss");
- vXResource.setPolicyName(tempPolicyName);
- searchCriteria=new SearchCriteria();
- searchCriteria.getParamList().put("policyName", vXResource.getPolicyName());
- vXResourceListTemp=xResourceService.searchXResourcesWithoutLogin(searchCriteria);
- //if policy name not exist then list will be empty and generated policyname will valid
- if(vXResourceListTemp==null|| vXResourceListTemp.getListSize()==0){
- break;
- }
- }
- }
- }else{
- for(VXResource vXResourceDB:vXResourceList.getVXResources()){
- if(vXResourceDB!=null){
- vXResource.setId(vXResourceDB.getId());
- vXResource.setPolicyName(vXResourceDB.getPolicyName());
- break;
- }
- }
- }
-
- //update addedby and updated by in permmap and auditmap
- List<VXPermMap> permMapList=vXResource.getPermMapList();
- List<VXAuditMap> auditMapList = vXResource.getAuditList();
- VXPermMap vXPermMapTemp=null;
- VXAuditMap vXAuditMapTemp=null;
- XXUser xxUser=null;
- XXGroup xxGroup=null;
- for (int i=0;i< permMapList.size();i++) {
- vXPermMapTemp=permMapList.get(i);
- if(vXPermMapTemp==null){
- continue;
- }
- if(stringUtil.isEmpty(vXPermMapTemp.getOwner())){
- vXPermMapTemp.setOwner(vXResource.getOwner());
- }
- if(stringUtil.isEmpty(vXPermMapTemp.getUpdatedBy())){
- vXPermMapTemp.setUpdatedBy(vXResource.getUpdatedBy());
- }
- if(vXPermMapTemp.getPermFor()==AppConstants.XA_PERM_FOR_USER){
- if(vXPermMapTemp.getUserId()==null && !stringUtil.isEmpty(vXPermMapTemp.getUserName())){
- xxUser = rangerDaoManager.getXXUser().findByUserName(vXPermMapTemp.getUserName());
- if (xxUser != null) {
- vXPermMapTemp.setUserId(xxUser.getId());
- } else{
- throw restErrorUtil.createRESTException("User : "+ vXPermMapTemp.getUserName() + " is Not Found",
- MessageEnums.DATA_NOT_FOUND);
- }
- }
- }
- if(vXPermMapTemp.getPermFor()==AppConstants.XA_PERM_FOR_GROUP){
- if(vXPermMapTemp.getGroupId()==null && !stringUtil.isEmpty(vXPermMapTemp.getGroupName())){
- xxGroup = rangerDaoManager.getXXGroup().findByGroupName(
- vXPermMapTemp.getGroupName());
- if (xxGroup != null) {
- vXPermMapTemp.setGroupId(xxGroup.getId());
- }else{
- throw restErrorUtil.createRESTException("Group : "+ vXPermMapTemp.getGroupName() + " is Not Found",
- MessageEnums.DATA_NOT_FOUND);
- }
- }
- }
- permMapList.set(i, vXPermMapTemp);
- }
- for (int i=0;i< auditMapList.size();i++) {
- vXAuditMapTemp=auditMapList.get(i);
- if(vXAuditMapTemp!=null && stringUtil.isEmpty(vXAuditMapTemp.getOwner())){
- vXAuditMapTemp.setOwner(vXResource.getOwner());
- }
- if(vXAuditMapTemp!=null && stringUtil.isEmpty(vXAuditMapTemp.getUpdatedBy())){
- vXAuditMapTemp.setUpdatedBy(vXResource.getUpdatedBy());
- }
- auditMapList.set(i, vXAuditMapTemp);
- }
- vXResource.setPermMapList(permMapList);
- vXResource.setAuditList(auditMapList);
-
- //create
- List<XXTrxLog> trxLogList=null ;
- if(vXResourceList==null || vXResourceList.getListSize()==0){
- vXResource = xResourceService.createResource(vXResource);
- List<VXPermMap> newPermMapList = vXResource.getPermMapList();
- List<VXAuditMap> newAuditMapList = vXResource.getAuditList();
- trxLogList= xResourceService.getTransactionLog(vXResource, "create");
- for (VXPermMap vXPermMap : newPermMapList) {
- trxLogList.addAll(xPermMapService.getTransactionLog(vXPermMap,
- "create"));
- }
- for (VXAuditMap vXAuditMap : newAuditMapList) {
- trxLogList.addAll(xAuditMapService.getTransactionLog(vXAuditMap,
- "create"));
- }
- }
-
- if(vXResourceList!=null && vXResourceList.getListSize()>0){
- //replace perm map if true
- if(vXPolicy.isReplacePerm()){
- XXResource xXResource = rangerDaoManager.getXXResource().getById(vXResource.getId());
- VXResource vXResourceDBObj=xResourceService.populateViewBean(xXResource);
- List<XXTrxLog> trxLogListDelete = xResourceService.getTransactionLog(
- vXResourceDBObj, xXResource, "delete");
- List<VXPermMap> permMapListtoDelete=vXResourceDBObj.getPermMapList();
- List<String> permMapDeleteKeys=new ArrayList<String>();
- String userKey=null;
- for(VXPermMap permMapTemp :permMapList){
- if(permMapTemp==null||permMapTemp.getPermFor()==0||(permMapTemp.getUserId()==null && permMapTemp.getGroupId()==null)){
- continue;
- }
- userKey=null;
- if(permMapTemp.getPermFor()==AppConstants.XA_PERM_FOR_USER){
- userKey=permMapTemp.getPermFor()+"_"+permMapTemp.getUserId();
- }
- if(permMapTemp.getPermFor()==AppConstants.XA_PERM_FOR_GROUP){
- userKey=permMapTemp.getPermFor()+"_"+permMapTemp.getGroupId();
- }
- if(!permMapDeleteKeys.contains(userKey) && !stringUtil.isEmpty(userKey)){
- permMapDeleteKeys.add(userKey);
- }
- }
-
- if(permMapListtoDelete != null) {
- for (VXPermMap permMap : permMapListtoDelete) {
- if(permMap==null || permMap.getPermFor()==0 || (permMap.getUserId()==null && permMap.getGroupId()==null)){
- continue;
- }
- userKey=null;
- if(permMap.getPermFor()==AppConstants.XA_PERM_FOR_USER){
- userKey=permMap.getPermFor()+"_"+permMap.getUserId();
- }
- if(permMap.getPermFor()==AppConstants.XA_PERM_FOR_GROUP){
- userKey=permMap.getPermFor()+"_"+permMap.getGroupId();
- }
- if(permMapDeleteKeys.contains(userKey)){
- xPermMapService.deleteResource(permMap.getId());
- trxLogListDelete.addAll(xPermMapService.getTransactionLog(permMap,"delete"));
- }
- }//permission deletion processing end
- xaBizUtil.createTrxLog(trxLogListDelete);
- }
- }
- }
-
- //update case
- if(vXResourceList!=null && vXResourceList.getListSize()>0){
- XXResource xXResource = rangerDaoManager.getXXResource().getById(vXResource.getId());
- vXResource.setCreateDate(xXResource.getCreateTime());
- vXResource.setUpdateDate(xXResource.getUpdateTime());
- trxLogList = xResourceService.getTransactionLog(vXResource, xXResource, "update");
- //VXResource resource = super.updateXResource(vXResource);
- searchCriteria = new SearchCriteria();
- searchCriteria.addParam("resourceId", vXResource.getId());
- VXPermMapList prevPermMaps = xPermMapService.searchXPermMaps(searchCriteria);
- List<VXPermMap> prevPermMapList = new ArrayList<VXPermMap>();
- List<VXPermMap> newPermMapList = vXResource.getPermMapList();
- List<VXPermMap> permMapsAdded = new ArrayList<VXPermMap>();
- //List<VXAuditMap> prevAuditMapList = new ArrayList<VXAuditMap>();
- if (prevPermMaps != null) {
- prevPermMapList = prevPermMaps.getVXPermMaps();
- }
- // permission deletion processing start
- String newKey=null;
- String oldKey=null;
- boolean isFound=false;
- VXPermMap newObj=null;
- VXPermMap oldObj =null;
- if (newPermMapList != null && prevPermMapList!=null) {
- for (int i=0;i<newPermMapList.size();i++) {
- newObj=newPermMapList.get(i);
- newObj.setResourceId(vXResource.getId());
- isFound=false;
- if(newObj==null||newObj.getResourceId()==null||newObj.getPermFor()==0||newObj.getPermType()==0 || (newObj.getUserId()==null&&newObj.getGroupId()==null)){
- continue;
- }
- newKey=null;
- if(newObj.getPermFor()==AppConstants.XA_PERM_FOR_USER){
- newKey=newObj.getResourceId()+"_"+newObj.getPermFor()+"_"+newObj.getUserId()+"_"+newObj.getPermType();
- }
- if(newObj.getPermFor()==AppConstants.XA_PERM_FOR_GROUP){
- newKey=newObj.getResourceId()+"_"+newObj.getPermFor()+"_"+newObj.getGroupId()+"_"+newObj.getPermType();
- }
- isFound=false;
- oldObj =null;
- for (int j=0;j<prevPermMapList.size();j++) {
- oldObj=prevPermMapList.get(j);
- if(oldObj==null||oldObj.getResourceId()==null||oldObj.getPermFor()==0||oldObj.getPermType()==0|| (oldObj.getUserId()==null&&oldObj.getGroupId()==null)){
- continue;
- }
- oldKey=null;
- if(oldObj.getPermFor()==AppConstants.XA_PERM_FOR_USER){
- oldKey=oldObj.getResourceId()+"_"+oldObj.getPermFor()+"_"+oldObj.getUserId()+"_"+oldObj.getPermType();
- }
- if(oldObj.getPermFor()==AppConstants.XA_PERM_FOR_GROUP){
- oldKey=oldObj.getResourceId()+"_"+oldObj.getPermFor()+"_"+oldObj.getGroupId()+"_"+oldObj.getPermType();
- }
- if(stringUtil.isEmpty(newKey)|| stringUtil.isEmpty(oldKey)){
- continue;
- }
- if(newKey.equals(oldKey)){
- isFound=true;
- break;
- }
- }//inner for
- if(!isFound){
- newObj = xPermMapService.createResource(newObj);
- trxLogList.addAll(xPermMapService.getTransactionLog(newObj,"create"));
- permMapsAdded.add(newObj);
- }
- }//outer for
- }// delete permissions list populate end
- else{
- throw restErrorUtil.createRESTException("No permission list received for with current grant request",MessageEnums.DATA_NOT_FOUND);
- }
- if(prevPermMapList!=null && permMapsAdded!=null){
- for(VXPermMap vXPermMap:permMapsAdded){
- prevPermMapList.add(vXPermMap);
- }
- if(permMapsAdded.size()>0){
- vXResource.setUpdateDate(DateUtil.getUTCDate());
- }
- }
- vXResource.setPermMapList(prevPermMapList);
- //resource.setAuditList(prevAuditMapList);
- }//update close
-
- //update addedby and updatedby for trx log
- XXTrxLog xXTrxLog=null;
- if(trxLogList!=null){
- for (int i=0;i< trxLogList.size();i++) {
- xXTrxLog=trxLogList.get(i);
- if(xXTrxLog!=null){
- if(xXTrxLog.getAddedByUserId()==null || xXTrxLog.getAddedByUserId()==0){
- xXTrxLog.setAddedByUserId(xXPortalUser.getId());
- }
- if(xXTrxLog.getUpdatedByUserId()==null || xXTrxLog.getUpdatedByUserId()==0){
- xXTrxLog.setUpdatedByUserId(xXPortalUser.getId());
- }
- }
- trxLogList.set(i, xXTrxLog);
- }
- }
- xaBizUtil.createTrxLog(trxLogList);
-
- return vXResource;
- }
-
- public VXResource revokeXResource(VXResource vXResource) {
- if(vXResource==null){
- return vXResource;
- }
- //checks user exists or not
- XXUser xUser = rangerDaoManager.getXXUser().findByUserName(vXResource.getOwner());
- if(xUser==null){
- throw restErrorUtil.createRESTException("User " +vXResource.getOwner() + " is Not Found",
- MessageEnums.DATA_NOT_FOUND);
- }
- XXPortalUser xXPortalUser= rangerDaoManager.getXXPortalUser().findByLoginId(vXResource.getOwner());
- if(xXPortalUser==null){
- throw restErrorUtil.createRESTException("User " +vXResource.getOwner() + " is Not Found",
- MessageEnums.DATA_NOT_FOUND);
- }
-
- //checks repository exists or not
- XXAsset xAsset = rangerDaoManager.getXXAsset().findByAssetName(vXResource.getAssetName());
- if (xAsset == null) {
- logger.error("Repository not found for asset : " + vXResource.getAssetName());
- throw restErrorUtil.createRESTException("Repository for which"
- + " the policy is created, doesn't exist.",MessageEnums.DATA_NOT_FOUND);
- }
- //checks repository active or not
- if(xAsset.getActiveStatus()==RangerCommonEnums.ACT_STATUS_DISABLED){
- logger.error("Trying to delete policy in disabled repository");
- throw restErrorUtil.createRESTException("revoke "
- + " not allowed in disabled repository",MessageEnums.OPER_NO_PERMISSION);
-
- }
- vXResource.setAssetId(xAsset.getId());
- vXResource.setAssetType(xAsset.getAssetType());
- //create resource name/path for HIVE/Hbase policy.
- if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
- createResourcePathForHive(vXResource);
- } else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
- createResourcePathForHbase(vXResource);
- }else{
- logger.error("Invalid repository type for grant operation : ");
- throw restErrorUtil.createRESTException(vXResource.getAssetName() +" is not a "
- + " valid repository for revoke operation",MessageEnums.OPER_NO_PERMISSION);
- }
-
- //check whether resource exist or not
- SearchCriteria searchCriteria=new SearchCriteria();
- if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
- searchCriteria.getParamList().put("assetId", vXResource.getAssetId());
- searchCriteria.getParamList().put("fullname", vXResource.getName());
- searchCriteria.getParamList().put("udfs", vXResource.getUdfs());
- searchCriteria.getParamList().put("tableType", vXResource.getTableType());
- searchCriteria.getParamList().put("columnType", vXResource.getColumnType());
- }else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
- searchCriteria.getParamList().put("assetId", vXResource.getAssetId());
- searchCriteria.getParamList().put("fullname", vXResource.getName());
- }
-
- VXResourceList vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);
- //throw error if resource does not exist
- if(vXResourceList==null || vXResourceList.getListSize()==0){
- logger.error("Resource path not found : " + vXResource.getName());
- throw restErrorUtil.createRESTException("Resource for which"
- + " revoke is requested, doesn't exist.",MessageEnums.DATA_NOT_FOUND);
- }else{
- for(VXResource vXResourceDB:vXResourceList.getVXResources()){
- if(vXResourceDB!=null){
- vXResource.setId(vXResourceDB.getId());
- vXResource.setPolicyName(vXResourceDB.getPolicyName());
- break;
- }
- }
- }
- //check whether resource contains multiple path or not
- if(!stringUtil.isEmpty(vXResource.getName())){
- String[] resources=vXResource.getName().trim().split(",");
- if(resources!=null && resources.length>1){
- logger.error("More than one resource found for revoke operation in policy : " + vXResource.getName());
- throw restErrorUtil.createRESTException("We did not find exact match for this resource : " + vXResource.getName(),MessageEnums.INVALID_INPUT_DATA);
- }
- }else{
- throw restErrorUtil.createRESTException("Invalid Resource Name : " + vXResource.getName(),MessageEnums.INVALID_INPUT_DATA);
- }
-
- //checks grantor is admin in resource or not
- List<XXPortalUserRole> xXPortalUserRoleList = rangerDaoManager.getXXPortalUserRole().findByParentId(xXPortalUser.getId());
- List<XXResource> xResourceList=rangerDaoManager.getXXResource().findByAssetId(xAsset.getId());
- if(xResourceList!=null){
- boolean isAdmin=false;
- if(xXPortalUserRoleList!=null && xXPortalUserRoleList.size()>0){
- for(XXPortalUserRole xXPortalUserRole: xXPortalUserRoleList){
- if(xXPortalUserRole.getUserRole().equalsIgnoreCase(RangerConstants.ROLE_SYS_ADMIN)){
- isAdmin=true;
- break;
- }
- }
- }
- if(!isAdmin){
- if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
- String[] requestResNameList = vXResource.getName().trim().split(",");
- if (stringUtil.isEmpty(vXResource.getUdfs())) {
- int reqTableType = vXResource.getTableType();
- int reqColumnType = vXResource.getColumnType();
- for (String resourceName : requestResNameList) {
- isAdmin=xaBizUtil.matchHivePolicy(resourceName,xResourceList, xUser.getId(),AppConstants.XA_PERM_TYPE_ADMIN,reqTableType,reqColumnType, false);
- if (isAdmin) {
- break;
- }
- }
- } else {
- for (String resourceName : requestResNameList) {
- isAdmin=xaBizUtil.matchHivePolicy(resourceName,xResourceList, xUser.getId(),AppConstants.XA_PERM_TYPE_ADMIN);
- if (isAdmin) {
- break;
- }
- }
- }
- }else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
- isAdmin=xaBizUtil.matchHbasePolicy(vXResource.getName(),xResourceList,null, xUser.getId(),AppConstants.XA_PERM_TYPE_ADMIN);
- }
- }
- if (!isAdmin) {
- throw restErrorUtil.createRESTException("You're not permitted to perform "
- + "revoke operation for resource path : " + vXResource.getName(),MessageEnums.OPER_NO_PERMISSION);
- }
- }
-
- //update addedby and updated by in permmap and auditmap
- List<VXPermMap> permMapList = vXResource.getPermMapList();
- if(permMapList==null || permMapList.size()==0){
- throw restErrorUtil.createRESTException("No permission list received for with current revoke request",MessageEnums.DATA_NOT_FOUND);
- }
- VXPermMap vXPermMapTemp=null;
- XXUser xxUser =null;
- XXGroup xxGroup =null;
- for (int i=0;i< permMapList.size();i++) {
- vXPermMapTemp=permMapList.get(i);
- if(vXPermMapTemp!=null){
- vXPermMapTemp.setResourceId(vXResource.getId());
- if(stringUtil.isEmpty(vXPermMapTemp.getOwner())){
- vXPermMapTemp.setOwner(vXResource.getOwner());
- }
- if(stringUtil.isEmpty(vXPermMapTemp.getUpdatedBy())){
- vXPermMapTemp.setUpdatedBy(vXResource.getUpdatedBy());
- }
- if(vXPermMapTemp.getPermFor()==AppConstants.XA_PERM_FOR_USER){
- if(vXPermMapTemp.getUserId()==null && !stringUtil.isEmpty(vXPermMapTemp.getUserName())){
- xxUser = rangerDaoManager.getXXUser().findByUserName(vXPermMapTemp.getUserName());
- if (xxUser != null) {
- vXPermMapTemp.setUserId(xxUser.getId());
- } else{
- throw restErrorUtil.createRESTException("User : "+ vXPermMapTemp.getUserName() + " is Not Found",
- MessageEnums.DATA_NOT_FOUND);
- }
- }
- }
- if(vXPermMapTemp.getPermFor()==AppConstants.XA_PERM_FOR_GROUP){
- if(vXPermMapTemp.getGroupId()==null && !stringUtil.isEmpty(vXPermMapTemp.getGroupName())){
- xxGroup = rangerDaoManager.getXXGroup().findByGroupName(
- vXPermMapTemp.getGroupName());
- if (xxGroup != null) {
- vXPermMapTemp.setGroupId(xxGroup.getId());
- }else{
- throw restErrorUtil.createRESTException("Group : "+ vXPermMapTemp.getGroupName() + " is Not Found",
- MessageEnums.DATA_NOT_FOUND);
- }
- }
- }
- }
- permMapList.set(i, vXPermMapTemp);
- }
- vXResource.setPermMapList(permMapList);
-
- //permission deletion preprocessing
- XXResource xResource = rangerDaoManager.getXXResource().getById(
- vXResource.getId());
- vXResource.setCreateDate(xResource.getCreateTime());
- vXResource.setUpdateDate(xResource.getUpdateTime());
- List<XXTrxLog> trxLogList = xResourceService.getTransactionLog(
- vXResource, xResource, "delete");
-
- List<VXPermMap> newPermMapList = vXResource.getPermMapList();
- List<VXPermMap> prevPermMapList = new ArrayList<VXPermMap>();
- List<VXPermMap> permMapsToDelete = new ArrayList<VXPermMap>();
- searchCriteria = new SearchCriteria();
- searchCriteria.addParam("resourceId", vXResource.getId());
- VXPermMapList prevPermMaps = xPermMapService.searchXPermMaps(searchCriteria);
- if (prevPermMaps != null) {
- prevPermMapList = prevPermMaps.getVXPermMaps();
- }
- // permission deletion processing start
- String newKey=null;
- String oldKey=null;
- boolean isFound=false;
- VXPermMap newObj=null;
- VXPermMap oldObj=null;
- if (newPermMapList != null && prevPermMapList!=null) {
- for (int i=0;i<newPermMapList.size();i++) {
- newObj=newPermMapList.get(i);
- if(newObj==null||newObj.getResourceId()==null||newObj.getPermFor()==0||newObj.getPermType()==0 || (newObj.getUserId()==null&&newObj.getGroupId()==null)){
- continue;
- }
- newKey=null;
- if(newObj.getPermFor()==AppConstants.XA_PERM_FOR_USER){
- newKey=newObj.getResourceId()+"_"+newObj.getPermFor()+"_"+newObj.getUserId()+"_"+newObj.getPermType();
- }
- if(newObj.getPermFor()==AppConstants.XA_PERM_FOR_GROUP){
- newKey=newObj.getResourceId()+"_"+newObj.getPermFor()+"_"+newObj.getGroupId()+"_"+newObj.getPermType();
- }
- isFound=false;
- oldObj=null;
- for (int j=0;j<prevPermMapList.size();j++) {
- oldObj=prevPermMapList.get(j);
- if(oldObj==null||oldObj.getResourceId()==null||oldObj.getPermFor()==0||oldObj.getPermType()==0|| (oldObj.getUserId()==null&&oldObj.getGroupId()==null)){
- continue;
- }
- oldKey=null;
- if(oldObj.getPermFor()==AppConstants.XA_PERM_FOR_USER){
- oldKey=oldObj.getResourceId()+"_"+oldObj.getPermFor()+"_"+oldObj.getUserId()+"_"+oldObj.getPermType();
- }
- if(oldObj.getPermFor()==AppConstants.XA_PERM_FOR_GROUP){
- oldKey=oldObj.getResourceId()+"_"+oldObj.getPermFor()+"_"+oldObj.getGroupId()+"_"+oldObj.getPermType();
- }
- if(stringUtil.isEmpty(newKey)|| stringUtil.isEmpty(oldKey)){
- continue;
- }
- if(newKey.equals(oldKey)){
- isFound=true;
- prevPermMapList.remove(j);
- break;
- }
- }//inner for
- if(oldObj!=null){
- if(isFound){
- permMapsToDelete.add(oldObj);
- }
- }
- }//outer for
- }// delete permissions list populate end
-
- for (VXPermMap permMap : permMapsToDelete) {
- if(permMap!=null){
- xPermMapService.deleteResource(permMap.getId());
- trxLogList.addAll(xPermMapService.getTransactionLog(permMap,"delete"));
- }
- }//permission deletion processing end
-
- if(permMapsToDelete.size()>0){
- vXResource.setUpdateDate(DateUtil.getUTCDate());
- }
- //update addedby and updatedby for trx log
- XXTrxLog xXTrxLog=null;
- if(trxLogList!=null){
- for (int i=0;i< trxLogList.size();i++) {
- xXTrxLog=trxLogList.get(i);
- if(xXTrxLog!=null){
- if(xXTrxLog.getAddedByUserId()==null || xXTrxLog.getAddedByUserId()==0){
- xXTrxLog.setAddedByUserId(xXPortalUser.getId());
- }
- if(xXTrxLog.getUpdatedByUserId()==null || xXTrxLog.getUpdatedByUserId()==0){
- xXTrxLog.setUpdatedByUserId(xXPortalUser.getId());
- }
- }
- trxLogList.set(i, xXTrxLog);
- }
- }
-
- xaBizUtil.createTrxLog(trxLogList);
- vXResource.setPermMapList(prevPermMapList);
-
- return vXResource;
- }
-
- @Override
- public VXLong getXResourceSearchCount(SearchCriteria searchCriteria) {
-
- VXResourceList resList = super.searchXResources(searchCriteria);
-
- int count = resList.getListSize();
- VXLong vXLong = new VXLong();
- vXLong.setValue(count);
- return vXLong;
- }
-
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/dbc489a7/security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java
index 9e8a596..d9d61ed 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgrBase.java
@@ -22,29 +22,22 @@
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.SearchCriteria;
-import org.apache.ranger.service.XAssetService;
import org.apache.ranger.service.XCredentialStoreService;
import org.apache.ranger.service.XPolicyExportAuditService;
import org.apache.ranger.service.XResourceService;
-import org.apache.ranger.view.VXAsset;
-import org.apache.ranger.view.VXAssetList;
import org.apache.ranger.view.VXCredentialStore;
import org.apache.ranger.view.VXCredentialStoreList;
import org.apache.ranger.view.VXLong;
import org.apache.ranger.view.VXPolicyExportAudit;
import org.apache.ranger.view.VXPolicyExportAuditList;
-import org.apache.ranger.view.VXResource;
-import org.apache.ranger.view.VXResourceList;
import org.springframework.beans.factory.annotation.Autowired;
+
public class AssetMgrBase {
@Autowired
RESTErrorUtil restErrorUtil;
@Autowired
- XAssetService xAssetService;
-
- @Autowired
XResourceService xResourceService;
@Autowired
@@ -52,71 +45,6 @@ public class AssetMgrBase {
@Autowired
XPolicyExportAuditService xPolicyExportAuditService;
- public VXAsset getXAsset(Long id){
- return (VXAsset)xAssetService.readResource(id);
- }
-
- public VXAsset createXAsset(VXAsset vXAsset){
- vXAsset = (VXAsset)xAssetService.createResource(vXAsset);
- return vXAsset;
- }
-
- public VXAsset updateXAsset(VXAsset vXAsset) {
- vXAsset = (VXAsset)xAssetService.updateResource(vXAsset);
- return vXAsset;
- }
-
- public void deleteXAsset(Long id, boolean force) {
- if (force) {
- xAssetService.deleteResource(id);
- } else {
- throw restErrorUtil.createRESTException(
- "serverMsg.modelMgrBaseDeleteModel",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
- }
- }
-
- public VXAssetList searchXAssets(SearchCriteria searchCriteria) {
- return xAssetService.searchXAssets(searchCriteria);
- }
-
- public VXLong getXAssetSearchCount(SearchCriteria searchCriteria) {
- return xAssetService.getSearchCount(searchCriteria,
- xAssetService.searchFields);
- }
-
- public VXResource getXResource(Long id){
- return (VXResource)xResourceService.readResource(id);
- }
-
- public VXResource createXResource(VXResource vXResource){
- vXResource = (VXResource)xResourceService.createResource(vXResource);
- return vXResource;
- }
-
- public VXResource updateXResource(VXResource vXResource) {
- vXResource = (VXResource)xResourceService.updateResource(vXResource);
- return vXResource;
- }
-
- public void deleteXResource(Long id, boolean force) {
- if (force) {
- xResourceService.deleteResource(id);
- } else {
- throw restErrorUtil.createRESTException(
- "serverMsg.modelMgrBaseDeleteModel",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
- }
- }
-
- public VXResourceList searchXResources(SearchCriteria searchCriteria) {
- return xResourceService.searchXResources(searchCriteria);
- }
-
- public VXLong getXResourceSearchCount(SearchCriteria searchCriteria) {
- return xResourceService.getSearchCount(searchCriteria,
- xResourceService.searchFields);
- }
public VXCredentialStore getXCredentialStore(Long id){
return (VXCredentialStore)xCredentialStoreService.readResource(id);