You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2021/12/02 08:38:10 UTC
[ranger] branch master updated (84cdf59 -> 185ca1c)
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git.
from 84cdf59 RANGER-3438: Optimized code to extract GroupPrincipals from javax Subject and used similar logic for retrieving primaryUser & impersonatedUser from Subject
new 8968eae RANGER-3435: Add unique index on guid, service and zone_id column of x_policy table
new 185ca1c RANGER-3512 : Create Java patch to update policy guid to unique value.
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../optimized/current/ranger_core_db_mysql.sql | 3 +-
...raint-on-x_policy-table-guid-service-column.sql | 6 +-
.../optimized/current/ranger_core_db_oracle.sql | 3 +-
...raint-on-x_policy-table-guid-service-column.sql | 10 +-
.../optimized/current/ranger_core_db_postgres.sql | 3 +-
...raint-on-x_policy-table-guid-service-column.sql | 10 +-
.../current/ranger_core_db_sqlanywhere.sql | 4 +-
...raint-on-x_policy-table-guid-service-column.sql | 6 +-
.../optimized/current/ranger_core_db_sqlserver.sql | 5 +-
...raint-on-x_policy-table-guid-service-column.sql | 8 +-
.../java/org/apache/ranger/biz/ServiceDBStore.java | 4 +-
.../java/org/apache/ranger/db/XXPolicyDao.java | 33 +++++
...tchPreSql_057_ForUpdateToUniqueGUID_J10052.java | 159 +++++++++++++++++++++
...ForUpdateToUniqueResoureceSignature_J10053.java | 19 ++-
.../main/resources/META-INF/jpa_named_queries.xml | 8 ++
15 files changed, 253 insertions(+), 28 deletions(-)
create mode 100644 security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_057_ForUpdateToUniqueGUID_J10052.java
[ranger] 02/02: RANGER-3512 : Create Java patch to update policy guid to unique value.
Posted by pr...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 185ca1ca89bb4585c773a31e505502c1ebec51c5
Author: Dineshkumar Yadav <di...@outlook.com>
AuthorDate: Thu Dec 2 10:50:46 2021 +0530
RANGER-3512 : Create Java patch to update policy guid to unique value.
Signed-off-by: pradeep <pr...@apache.org>
---
.../optimized/current/ranger_core_db_mysql.sql | 1 +
.../optimized/current/ranger_core_db_oracle.sql | 1 +
.../optimized/current/ranger_core_db_postgres.sql | 1 +
.../current/ranger_core_db_sqlanywhere.sql | 2 +
.../optimized/current/ranger_core_db_sqlserver.sql | 1 +
.../java/org/apache/ranger/biz/ServiceDBStore.java | 4 +-
.../java/org/apache/ranger/db/XXPolicyDao.java | 33 +++++
...tchPreSql_057_ForUpdateToUniqueGUID_J10052.java | 159 +++++++++++++++++++++
...ForUpdateToUniqueResoureceSignature_J10053.java | 19 ++-
.../main/resources/META-INF/jpa_named_queries.xml | 8 ++
10 files changed, 226 insertions(+), 3 deletions(-)
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index df27a9d..28d57a0 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1835,6 +1835,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10049',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10050',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10051',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10052',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10053',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10054',UTC_TIMESTAMP(),'Ranger 3.0.0',UTC_TIMESTAMP(),'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 5434f58..c111a28 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -2039,6 +2039,7 @@ INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,act
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10049',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10050',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10051',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10052',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10053',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10054',sys_extract_utc(systimestamp),'Ranger 3.0.0',sys_extract_utc(systimestamp),'localhost','Y');
INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index 3cfdb81..854a2c6 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -1983,6 +1983,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10049',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10050',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10051',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10052',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10053',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10054',current_timestamp,'Ranger 3.0.0',current_timestamp,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
diff --git a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index 40dafaf..b45eace 100644
--- a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++ b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -2395,6 +2395,8 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
GO
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10051',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10052',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+GO
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10053',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
GO
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10054',CURRENT_TIMESTAMP,'Ranger 3.0.0',CURRENT_TIMESTAMP,'localhost','Y');
diff --git a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index 0b24c59..adec998 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -4180,6 +4180,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10049',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10050',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10051',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10052',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10053',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10054',CURRENT_TIMESTAMP,'Ranger 3.0.0',CURRENT_TIMESTAMP,'localhost','Y');
INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 59acd52..0f0291d 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -2171,7 +2171,9 @@ public class ServiceDBStore extends AbstractServiceStore {
List<String> policyLabels = policy.getPolicyLabels();
Set<String> uniquePolicyLabels = new TreeSet<>(policyLabels);
policy.setCreateTime(xxExisting.getCreateTime());
- policy.setGuid(xxExisting.getGuid());
+ if (StringUtils.isEmpty(policy.getGuid())) {
+ policy.setGuid(xxExisting.getGuid());
+ }
policy.setVersion(xxExisting.getVersion());
List<XXTrxLog> trxLogList = policyService.getTransactionLog(policy, xxExisting, existing, RangerPolicyService.OPERATION_UPDATE_CONTEXT);
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
index 3558337..b068a06 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
@@ -309,4 +309,37 @@ public class XXPolicyDao extends BaseDao<XXPolicy> {
return new ArrayList<XXPolicy>();
}
}
+
+ public List<String> findDuplicateGUIDByServiceIdAndZoneId(Long serviceId, Long zoneId) {
+ List<String> ret = ListUtils.EMPTY_LIST;
+ if(serviceId == null || zoneId == null) {
+ return ret;
+ }
+ try {
+ ret = getEntityManager().createNamedQuery("XXPolicy.findDuplicateGUIDByServiceIdAndZoneId", String.class)
+ .setParameter("serviceId", serviceId)
+ .setParameter("zoneId", zoneId)
+ .getResultList();
+
+ } catch (Exception e) {
+ }
+ return ret;
+ }
+
+ public List<XXPolicy> findPolicyByGUIDAndServiceIdAndZoneId(String guid, Long serviceId, Long zoneId) {
+ List<XXPolicy> ret = ListUtils.EMPTY_LIST;
+ if (guid == null || serviceId == null || zoneId == null) {
+ return ret;
+ }
+ try {
+ ret = getEntityManager().createNamedQuery("XXPolicy.findPolicyByGUIDAndServiceIdAndZoneId", tClass)
+ .setParameter("guid", guid)
+ .setParameter("serviceId", serviceId)
+ .setParameter("zoneId", zoneId)
+ .getResultList();
+
+ } catch (NoResultException excp) {
+ }
+ return ret;
+ }
}
\ No newline at end of file
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_057_ForUpdateToUniqueGUID_J10052.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_057_ForUpdateToUniqueGUID_J10052.java
new file mode 100644
index 0000000..7e1ead7
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_057_ForUpdateToUniqueGUID_J10052.java
@@ -0,0 +1,159 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch;
+
+import java.util.List;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.log4j.Logger;
+import org.apache.ranger.authorization.utils.JsonUtils;
+import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.common.GUIDUtil;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXPolicy;
+import org.apache.ranger.entity.XXSecurityZone;
+import org.apache.ranger.entity.XXService;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.util.CLIUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.PlatformTransactionManager;
+
+/**
+ * This patch will regenerate new GUID and update policies which has duplicate GUID for every service.
+ *
+ */
+@Component
+public class PatchPreSql_057_ForUpdateToUniqueGUID_J10052 extends BaseLoader {
+ private static final Logger logger = Logger.getLogger(PatchPreSql_057_ForUpdateToUniqueGUID_J10052.class);
+
+ @Autowired
+ RangerDaoManager daoMgr;
+
+ @Autowired
+ ServiceDBStore svcStore;
+
+ @Autowired
+ GUIDUtil guidUtil;
+
+ @Autowired
+ @Qualifier(value = "transactionManager")
+ PlatformTransactionManager txManager;
+
+
+ public static void main(String[] args) {
+ logger.info("main()");
+ try {
+ PatchPreSql_057_ForUpdateToUniqueGUID_J10052 loader = (PatchPreSql_057_ForUpdateToUniqueGUID_J10052) CLIUtil.getBean(PatchPreSql_057_ForUpdateToUniqueGUID_J10052.class);
+
+ loader.init();
+
+ while (loader.isMoreToProcess()) {
+ loader.load();
+ }
+
+ logger.info("Load complete. Exiting!!!");
+
+ System.exit(0);
+ } catch (Exception e) {
+ logger.error("Error loading", e);
+ System.exit(1);
+ }
+ }
+
+ @Override
+ public void init() throws Exception {
+ // Do Nothing
+ }
+
+ @Override
+ public void execLoad() {
+
+ try {
+ logger.info("==> updatePolicyGUIDToUniqueValue()");
+ updatePolicyGUIDToUniqueValue();
+ } catch (Exception e) {
+ logger.error("Error while updatePolicyGUIDToUniqueValue()", e);
+ System.exit(1);
+ }
+
+ logger.info("<== updatePolicyGUIDToUniqueValue.execLoad()");
+ }
+
+ @Override
+ public void printStats() {
+ logger.info("runnig updatePolicyGUIDToUniqueValue ");
+ }
+
+ private void updatePolicyGUIDToUniqueValue() throws Exception {
+ logger.info("==> updatePolicyGUIDToUniqueValue() ");
+
+ List<XXSecurityZone> allXXZones = null;
+ List<XXService> allXXService = null;
+
+ allXXZones = daoMgr.getXXSecurityZoneDao().getAll();
+ allXXService = daoMgr.getXXService().getAll();
+
+ if (CollectionUtils.isNotEmpty(allXXZones) && CollectionUtils.isNotEmpty(allXXService)) {
+ logger.info("Total number of zones " + allXXZones.size() +", service :" +allXXService.size());
+ for (XXSecurityZone xSecurityZone : allXXZones) {
+ for (XXService xService : allXXService) {
+ logger.info("serching duplicate guid policies for service :" + xService.getName() + " zone : "
+ + xSecurityZone.getName());
+ List<String> duplicateGuidList = daoMgr.getXXPolicy()
+ .findDuplicateGUIDByServiceIdAndZoneId(xService.getId(), xSecurityZone.getId());
+ if (CollectionUtils.isNotEmpty(duplicateGuidList)) {
+ logger.info("Total number of duplicate GUIDs :" + duplicateGuidList.size() + " for service :"
+ + xService.getName() + " and zone :" + xSecurityZone.getName());
+ for (String guid : duplicateGuidList) {
+ List<XXPolicy> xxPolicyList = daoMgr.getXXPolicy().findPolicyByGUIDAndServiceIdAndZoneId(
+ guid, xService.getId(), xSecurityZone.getId());
+ boolean isFirstElement = false;
+ if (CollectionUtils.isNotEmpty(xxPolicyList)) {
+ isFirstElement = true;
+ for (XXPolicy xxPolicy : xxPolicyList) {
+ if (isFirstElement) {
+ isFirstElement = false;
+ continue;
+ }
+ RangerPolicy policy = svcStore.getPolicy(xxPolicy.getId());
+ if (policy != null) {
+ guid = guidUtil.genGUID();
+ xxPolicy.setGuid(guid);
+ policy.setGuid(guid);
+ xxPolicy.setPolicyText(JsonUtils.objectToJson(policy));
+
+ daoMgr.getXXPolicy().update(xxPolicy);
+ }
+ }
+ } else {
+ logger.info("No policy found with guid:" + guid);
+ }
+ }
+ } else {
+ logger.info("No duplicate GUID found in policy for Service :" + xService.getName() + ", Zone : "
+ + xSecurityZone.getName());
+ }
+ }
+ }
+ } else {
+ logger.info("No zone or service found");
+ }
+ }
+}
\ No newline at end of file
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053.java
index 8da6530..b6a20ab 100644
--- a/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053.java
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053.java
@@ -21,10 +21,13 @@ import java.util.List;
import org.apache.commons.collections.CollectionUtils;
import org.apache.log4j.Logger;
+import org.apache.ranger.authorization.utils.JsonUtils;
import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.common.RangerFactory;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXPolicy;
import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicyResourceSignature;
import org.apache.ranger.util.CLIUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
@@ -46,6 +49,9 @@ public class PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053 extends
ServiceDBStore svcStore;
@Autowired
+ RangerFactory factory;
+
+ @Autowired
@Qualifier(value = "transactionManager")
PlatformTransactionManager txManager;
@@ -97,14 +103,23 @@ public class PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053 extends
private void updateDisabledPolicyResourceSignature() throws Exception {
logger.info("==> updateDisabledPolicyResourceSignature() ");
+
List<XXPolicy> xxPolicyList = daoMgr.getXXPolicy().findByPolicyStatus(isPolicyEnabled);
if (CollectionUtils.isNotEmpty(xxPolicyList)) {
- logger.info("==> Total number of disabled policies :"+xxPolicyList.size());
+ logger.info("==> Total number of disabled policies :" + xxPolicyList.size());
+
for (XXPolicy xxPolicy : xxPolicyList) {
RangerPolicy policy = svcStore.getPolicy(xxPolicy.getId());
if (policy != null) {
policy.setResourceSignature(null);
- svcStore.updatePolicy(policy);
+ xxPolicy.setResourceSignature(null);
+ RangerPolicyResourceSignature policySignature = factory.createPolicyResourceSignature(policy);
+ String signature = policySignature.getSignature();
+ policy.setResourceSignature(signature);
+ xxPolicy.setPolicyText(JsonUtils.objectToJson(policy));
+ xxPolicy.setResourceSignature(signature);
+
+ daoMgr.getXXPolicy().update(xxPolicy);
}
}
} else {
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index a19f7f1..8225e30 100755
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -323,6 +323,14 @@
<query>select obj.id from XXPolicy obj where obj.service = :serviceId</query>
</named-query>
+ <named-query name="XXPolicy.findDuplicateGUIDByServiceIdAndZoneId">
+ <query>select obj.guid from XXPolicy obj where obj.service = :serviceId and obj.zoneId = :zoneId GROUP BY obj.guid HAVING COUNT(obj.guid)>1</query>
+ </named-query>
+
+ <named-query name="XXPolicy.findPolicyByGUIDAndServiceIdAndZoneId">
+ <query>select obj from XXPolicy obj where obj.guid = :guid and obj.service =:serviceId and obj.zoneId = :zoneId order by obj.id </query>
+ </named-query>
+
<named-query name="XXPolicy.getMaxIdOfXXPolicy">
<query>select MAX(obj.id) from XXPolicy obj</query>
</named-query>
[ranger] 01/02: RANGER-3435: Add unique index on guid, service and zone_id column of x_policy table
Posted by pr...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 8968eaef8693b39a32f10c2feebf0035b34e3763
Author: pradeep <pr...@apache.org>
AuthorDate: Mon Nov 22 09:28:37 2021 +0530
RANGER-3435: Add unique index on guid, service and zone_id column of x_policy table
---
.../db/mysql/optimized/current/ranger_core_db_mysql.sql | 2 +-
...unique-constraint-on-x_policy-table-guid-service-column.sql | 6 +++---
.../db/oracle/optimized/current/ranger_core_db_oracle.sql | 2 +-
...unique-constraint-on-x_policy-table-guid-service-column.sql | 10 +++++-----
.../db/postgres/optimized/current/ranger_core_db_postgres.sql | 2 +-
...unique-constraint-on-x_policy-table-guid-service-column.sql | 10 ++++++----
.../optimized/current/ranger_core_db_sqlanywhere.sql | 2 +-
...unique-constraint-on-x_policy-table-guid-service-column.sql | 6 +++---
.../sqlserver/optimized/current/ranger_core_db_sqlserver.sql | 4 ++--
...unique-constraint-on-x_policy-table-guid-service-column.sql | 8 ++++----
10 files changed, 27 insertions(+), 25 deletions(-)
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index e444e78..df27a9d 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -694,7 +694,7 @@ KEY `x_policy_up_time` (`update_time`),
KEY `x_policy_service` (`service`),
KEY `x_policy_resource_signature` (`resource_signature`),
UNIQUE KEY `x_policy_UK_name_service_zone` (`name`(180),`service`, `zone_id`),
-UNIQUE KEY `x_policy_UK_guid_service` (`guid`(180),`service`),
+UNIQUE KEY `x_policy_UK_guid_service_zone` (`guid`(180),`service`, `zone_id`),
UNIQUE KEY `x_policy_UK_service_signature` (`service`,`resource_signature`),
CONSTRAINT `x_policy_FK_added_by_id` FOREIGN KEY (`added_by_id`) REFERENCES `x_portal_user` (`id`),
CONSTRAINT `x_policy_FK_upd_by_id` FOREIGN KEY (`upd_by_id`) REFERENCES `x_portal_user` (`id`),
diff --git a/security-admin/db/mysql/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql b/security-admin/db/mysql/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
index 357b7ef..65a78c9 100644
--- a/security-admin/db/mysql/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
+++ b/security-admin/db/mysql/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
@@ -18,10 +18,10 @@ drop procedure if exists create_unique_constraint_on_guid_service;
delimiter ;;
create procedure create_unique_constraint_on_guid_service() begin
/* check table and columns exist or not */
- if exists (select * from information_schema.columns where table_schema=database() and table_name = 'x_policy' and column_name in('guid','service')) then
+ if exists (select * from information_schema.columns where table_schema=database() and table_name = 'x_policy' and column_name in('guid','service','zone_id')) then
/* check unique constraint exist on guid and service column or not */
- if not exists (select * from information_schema.table_constraints where table_schema=database() and table_name = 'x_policy' and constraint_name='x_policy_UK_guid_service') then
- ALTER TABLE x_policy ADD UNIQUE INDEX x_policy_UK_guid_service(guid(180),service);
+ if not exists (select * from information_schema.table_constraints where table_schema=database() and table_name = 'x_policy' and constraint_name='x_policy_UK_guid_service_zone') then
+ ALTER TABLE x_policy ADD UNIQUE INDEX x_policy_UK_guid_service_zone(guid(180),service,zone_id);
end if;
end if;
end;;
diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 9e5da70..5434f58 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -794,7 +794,7 @@ policy_text CLOB DEFAULT NULL NULL,
zone_id NUMBER(20) DEFAULT '1' NOT NULL,
primary key (id),
CONSTRAINT x_policy_UK_name_service_zone UNIQUE (name,service,zone_id),
-CONSTRAINT x_policy_UK_guid_service UNIQUE (guid,service),
+CONSTRAINT x_policy_UK_guid_service_zone UNIQUE (guid,service,zone_id),
CONSTRAINT x_policy_UK_service_signature UNIQUE (service,resource_signature),
CONSTRAINT x_policy_FK_added_by_id FOREIGN KEY (added_by_id) REFERENCES x_portal_user (id),
CONSTRAINT x_policy_FK_upd_by_id FOREIGN KEY (upd_by_id) REFERENCES x_portal_user (id),
diff --git a/security-admin/db/oracle/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql b/security-admin/db/oracle/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
index 580841c..aea3efd 100644
--- a/security-admin/db/oracle/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
+++ b/security-admin/db/oracle/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
@@ -16,14 +16,14 @@
DECLARE
v_count number:=0;
BEGIN
- select count(*) into v_count from user_tab_cols where table_name='X_POLICY' and column_name IN('GUID','SERVICE');
- if (v_count = 2) THEN
+ select count(*) into v_count from user_tab_cols where table_name='X_POLICY' and column_name IN('GUID','SERVICE','ZONE_ID');
+ if (v_count = 3) THEN
v_count:=0;
- select count(*) into v_count from user_constraints where table_name='X_POLICY' and constraint_name='X_POLICY_UK_GUID_SERVICE' and constraint_type='U';
+ select count(*) into v_count from user_constraints where table_name='X_POLICY' and constraint_name='X_POLICY_UK_GUID_SERVICE_ZONE' and constraint_type='U';
if (v_count = 0) THEN
- select count(*) into v_count from user_ind_columns WHERE table_name='X_POLICY' and column_name IN('GUID','SERVICE') and index_name='X_POLICY_UK_GUID_SERVICE';
+ select count(*) into v_count from user_ind_columns WHERE table_name='X_POLICY' and column_name IN('GUID','SERVICE','ZONE_ID') and index_name='X_POLICY_UK_GUID_SERVICE_ZONE';
if (v_count = 0) THEN
- execute immediate 'ALTER TABLE X_POLICY ADD CONSTRAINT X_POLICY_UK_GUID_SERVICE UNIQUE (GUID,SERVICE)';
+ execute immediate 'ALTER TABLE X_POLICY ADD CONSTRAINT X_POLICY_UK_GUID_SERVICE_ZONE UNIQUE (GUID,SERVICE,ZONE_ID)';
end if;
commit;
end if;
diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index 9fd4503..3cfdb81 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -623,7 +623,7 @@ policy_text TEXT DEFAULT NULL NULL,
zone_id BIGINT DEFAULT '1' NOT NULL,
primary key(id),
CONSTRAINT x_policy_uk_name_service_zone UNIQUE(name,service,zone_id),
-CONSTRAINT x_policy_uk_guid_service UNIQUE(guid,service),
+CONSTRAINT x_policy_uk_guid_service_zone UNIQUE(guid,service,zone_id),
CONSTRAINT x_policy_uk_service_signature UNIQUE(service,resource_signature),
CONSTRAINT x_policy_FK_added_by_id FOREIGN KEY(added_by_id) REFERENCES x_portal_user(id),
CONSTRAINT x_policy_FK_upd_by_id FOREIGN KEY(upd_by_id) REFERENCES x_portal_user(id),
diff --git a/security-admin/db/postgres/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql b/security-admin/db/postgres/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
index 81718aa..e0b9e92 100644
--- a/security-admin/db/postgres/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
+++ b/security-admin/db/postgres/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
@@ -19,13 +19,15 @@ RETURNS void AS $$
DECLARE
v_attnum1 integer := 0;
v_attnum2 integer := 0;
+ v_attnum3 integer := 0;
BEGIN
select attnum into v_attnum1 from pg_attribute where attrelid in(select oid from pg_class where relname='x_policy') and attname in('guid');
select attnum into v_attnum2 from pg_attribute where attrelid in(select oid from pg_class where relname='x_policy') and attname in('service');
- IF v_attnum1 > 0 and v_attnum2 > 0 THEN
- IF not exists (select * from pg_constraint where conrelid in(select oid from pg_class where relname='x_policy') and conname='x_policy_uk_guid_service' and contype='u') THEN
- IF not exists (select * from pg_index where indrelid in(select oid from pg_class where relname='x_policy') and indkey[0]=v_attnum1 and indkey[1]=v_attnum2) THEN
- ALTER TABLE x_policy ADD CONSTRAINT x_policy_uk_guid_service UNIQUE(guid,service);
+ select attnum into v_attnum3 from pg_attribute where attrelid in(select oid from pg_class where relname='x_policy') and attname in('zone_id');
+ IF v_attnum1 > 0 and v_attnum2 > 0 and v_attnum3 > 0 THEN
+ IF not exists (select * from pg_constraint where conrelid in(select oid from pg_class where relname='x_policy') and conname='x_policy_uk_guid_service_zone' and contype='u') THEN
+ IF not exists (select * from pg_index where indrelid in(select oid from pg_class where relname='x_policy') and indkey[0]=v_attnum1 and indkey[1]=v_attnum2 and indkey[2]=v_attnum3) THEN
+ ALTER TABLE x_policy ADD CONSTRAINT x_policy_uk_guid_service_zone UNIQUE(guid,service,zone_id);
END IF;
END IF;
END IF;
diff --git a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index bdccecc..40dafaf 100644
--- a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++ b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -574,7 +574,7 @@ create table dbo.x_policy (
zone_id bigint DEFAULT '1' NOT NULL,
CONSTRAINT x_policy_PK_id PRIMARY KEY CLUSTERED(id),
CONSTRAINT x_policy_UK_name_service_zone UNIQUE NONCLUSTERED (name,service,zone_id),
- CONSTRAINT x_policy_UK_guid_service UNIQUE NONCLUSTERED (guid,service),
+ CONSTRAINT x_policy_UK_guid_service_zone UNIQUE NONCLUSTERED (guid,service,zone_id),
CONSTRAINT x_policy_UK_service_signature UNIQUE NONCLUSTERED (service,resource_signature),
)
GO
diff --git a/security-admin/db/sqlanywhere/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql b/security-admin/db/sqlanywhere/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
index 16ad476..4ae146f 100644
--- a/security-admin/db/sqlanywhere/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
+++ b/security-admin/db/sqlanywhere/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
@@ -13,9 +13,9 @@
-- See the License for the specific language governing permissions and
-- limitations under the License.
BEGIN
- IF EXISTS(select * from SYS.SYSCOLUMNS where tname = 'x_policy' and cname in('guid','service') THEN
- IF NOT EXISTS(select * from SYS.SYSCONSTRAINT where constraint_name = 'x_policy_UK_guid_service') THEN
- ALTER TABLE dbo.x_policy ADD CONSTRAINT x_policy_UK_guid_service UNIQUE NONCLUSTERED (guid,service);
+ IF EXISTS(select * from SYS.SYSCOLUMNS where tname = 'x_policy' and cname in('guid','service','zone_id') THEN
+ IF NOT EXISTS(select * from SYS.SYSCONSTRAINT where constraint_name = 'x_policy_UK_guid_service_zone') THEN
+ ALTER TABLE dbo.x_policy ADD CONSTRAINT x_policy_UK_guid_service_zone UNIQUE NONCLUSTERED (guid,service,zone_id);
END IF;
END IF;
END
diff --git a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index 8515ac0..0b24c59 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -1465,9 +1465,9 @@ CONSTRAINT [x_policy$x_policy_UK_name_service_zone] UNIQUE NONCLUSTERED
(
[name] ASC, [service] ASC, [zone_id] ASC
)WITH (PAD_INDEX = OFF,STATISTICS_NORECOMPUTE = OFF,IGNORE_DUP_KEY = OFF,ALLOW_ROW_LOCKS = ON,ALLOW_PAGE_LOCKS = ON) ON [PRIMARY],
-CONSTRAINT [x_policy$x_policy_UK_guid_service] UNIQUE NONCLUSTERED
+CONSTRAINT [x_policy$x_policy_UK_guid_service_zone] UNIQUE NONCLUSTERED
(
- [guid] ASC, [service] ASC
+ [guid] ASC, [service] ASC, [zone_id] ASC
)WITH (PAD_INDEX = OFF,STATISTICS_NORECOMPUTE = OFF,IGNORE_DUP_KEY = OFF,ALLOW_ROW_LOCKS = ON,ALLOW_PAGE_LOCKS = ON) ON [PRIMARY],
CONSTRAINT [x_policy$x_policy_UK_service_signature] UNIQUE NONCLUSTERED
(
diff --git a/security-admin/db/sqlserver/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql b/security-admin/db/sqlserver/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
index 3037988..baa20dd 100644
--- a/security-admin/db/sqlserver/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
+++ b/security-admin/db/sqlserver/patches/057-add-unique-constraint-on-x_policy-table-guid-service-column.sql
@@ -16,13 +16,13 @@
-- limitations under the License.
-IF EXISTS(select * from INFORMATION_SCHEMA.columns where table_name = 'x_policy' and column_name in ('guid','service'))
+IF EXISTS(select * from INFORMATION_SCHEMA.columns where table_name = 'x_policy' and column_name in ('guid','service','zone_id'))
BEGIN
- IF NOT EXISTS(select * from INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE where table_name='x_policy' and column_name='guid' and constraint_name = 'x_policy$x_policy_UK_guid_service')
+ IF NOT EXISTS(select * from INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE where table_name='x_policy' and column_name='guid' and constraint_name = 'x_policy$x_policy_UK_guid_service_zone')
BEGIN
- IF NOT EXISTS(select * from INFORMATION_SCHEMA.TABLE_CONSTRAINTS where table_name='x_policy' and constraint_name = 'x_policy$x_policy_UK_guid_service' and CONSTRAINT_TYPE='UNIQUE')
+ IF NOT EXISTS(select * from INFORMATION_SCHEMA.TABLE_CONSTRAINTS where table_name='x_policy' and constraint_name = 'x_policy$x_policy_UK_guid_service_zone' and CONSTRAINT_TYPE='UNIQUE')
BEGIN
- ALTER TABLE [dbo].[x_policy] ADD CONSTRAINT [x_policy$x_policy_UK_guid_service] UNIQUE ([guid],[service]);
+ ALTER TABLE [dbo].[x_policy] ADD CONSTRAINT [x_policy$x_policy_UK_guid_service_zone] UNIQUE ([guid],[service],[zone_id]);
END
END
END