You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2016/04/05 09:12:32 UTC
incubator-ranger git commit: RANGER-903 Optimize updates to tag
objects
Repository: incubator-ranger
Updated Branches:
refs/heads/master e474d3ed0 -> 38b79e725
RANGER-903 Optimize updates to tag objects
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/38b79e72
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/38b79e72
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/38b79e72
Branch: refs/heads/master
Commit: 38b79e7253a6ad8dd5a38f4775ec1ac5b70b05b1
Parents: e474d3e
Author: Abhay Kulkarni <ak...@hortonworks.com>
Authored: Wed Mar 30 15:04:50 2016 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Mon Apr 4 23:59:34 2016 -0700
----------------------------------------------------------------------
.../apache/ranger/plugin/model/RangerTag.java | 10 +-
.../ranger/plugin/store/AbstractTagStore.java | 19 +-
.../apache/ranger/plugin/store/TagStore.java | 4 +-
.../ranger/plugin/store/file/TagFileStore.java | 15 +-
.../apache/ranger/plugin/util/ServiceTags.java | 25 +-
.../ranger/plugin/store/TestTagStore.java | 5 +-
.../patches/021-update-tag-for-owner.sql | 1 +
.../apache/ranger/biz/RangerTagDBRetriever.java | 1 +
.../java/org/apache/ranger/biz/TagDBStore.java | 50 +++-
.../ranger/common/RangerServiceTagsCache.java | 1 -
.../apache/ranger/db/XXServiceResourceDao.java | 7 +-
.../org/apache/ranger/db/XXTagAttributeDao.java | 13 +
.../java/org/apache/ranger/db/XXTagDao.java | 15 +
.../java/org/apache/ranger/entity/XXTag.java | 2 +-
.../org/apache/ranger/rest/ServiceREST.java | 2 +-
.../ranger/rest/ServiceTagsProcessor.java | 295 ++++++++++++-------
.../java/org/apache/ranger/rest/TagREST.java | 13 +-
.../service/RangerServiceResourceService.java | 4 +-
.../resources/META-INF/jpa_named_queries.xml | 20 +-
tagsync/samples/tags.json | 17 +-
.../source/atlas/AtlasNotificationMapper.java | 3 +-
.../main/resources/etc/ranger/data/tags.json | 4 +-
22 files changed, 341 insertions(+), 185 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTag.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTag.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTag.java
index 78040ba..f19cc60 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTag.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerTag.java
@@ -41,24 +41,26 @@ public class RangerTag extends RangerBaseModelObject {
public static final short OWNER_GLOBAL = 1;
private String type;
- private Short owner = OWNER_SERVICERESOURCE;
+ private Short owner = OWNER_SERVICERESOURCE;
+
private Map<String, String> attributes;
- public RangerTag(String guid, String type, Short owner, Map<String, String> attributes) {
+ public RangerTag(String guid, String type, Map<String, String> attributes, Short owner) {
super();
setGuid(guid);
setType(type);
setOwner(owner);
setAttributes(attributes);
+ setOwner(owner);
}
public RangerTag(String type, Map<String, String> attributes) {
- this(null, type, OWNER_SERVICERESOURCE, attributes);
+ this(null, type, attributes, OWNER_SERVICERESOURCE);
}
public RangerTag() {
- this(null, null, OWNER_SERVICERESOURCE, null);
+ this(null, null, null, OWNER_SERVICERESOURCE);
}
public String getType() {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractTagStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractTagStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractTagStore.java
index 7d2e130..ebf7d6e 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractTagStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractTagStore.java
@@ -104,31 +104,21 @@ public abstract class AbstractTagStore implements TagStore {
}
@Override
- public void deleteAllTagObjectsForService(String serviceName, boolean isResourePrivateTag) throws Exception {
+ public void deleteAllTagObjectsForService(String serviceName) throws Exception {
if (LOG.isDebugEnabled()) {
- LOG.debug("==> AbstractTagStore.deleteAllTagObjectsForService(serviceName=" + serviceName + ", isResourcePrivateTag=" + isResourePrivateTag + ")");
+ LOG.debug("==> AbstractTagStore.deleteAllTagObjectsForService(serviceName=" + serviceName + ")");
}
List<RangerServiceResource> serviceResources = getServiceResourcesByService(serviceName);
if (serviceResources != null) {
- Set<Long> tagsToDelete = new HashSet<Long>();
-
-
for (RangerServiceResource serviceResource : serviceResources) {
Long resourceId = serviceResource.getId();
List<RangerTagResourceMap> tagResourceMapsForService = getTagResourceMapsForResourceId(resourceId);
- if (isResourePrivateTag) {
- for (RangerTagResourceMap tagResourceMap : tagResourceMapsForService) {
- Long tagId = tagResourceMap.getTagId();
- RangerTag tag = getTag(tagId);
- tagsToDelete.add(tag.getId());
- }
- }
for (RangerTagResourceMap tagResourceMap : tagResourceMapsForService) {
deleteTagResourceMap(tagResourceMap.getId());
}
@@ -138,13 +128,10 @@ public abstract class AbstractTagStore implements TagStore {
deleteServiceResource(serviceResource.getId());
}
- for (Long tagId : tagsToDelete) {
- deleteTag(tagId);
- }
}
if (LOG.isDebugEnabled()) {
- LOG.debug("<== AbstractTagStore.deleteAllTagObjectsForService(serviceName=" + serviceName + ", isResourcePrivateTag=" + isResourePrivateTag + ")");
+ LOG.debug("<== AbstractTagStore.deleteAllTagObjectsForService(serviceName=" + serviceName + ")");
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/agents-common/src/main/java/org/apache/ranger/plugin/store/TagStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/TagStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/TagStore.java
index 69bd628..b135423 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/TagStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/TagStore.java
@@ -91,7 +91,7 @@ public interface TagStore {
List<RangerServiceResource> getServiceResourcesByService(String serviceName) throws Exception;
- RangerServiceResource getServiceResourceByResourceSignature(String resourceSignature) throws Exception;
+ RangerServiceResource getServiceResourceByServiceAndResourceSignature(String serviceName, String resourceSignature) throws Exception;
List<RangerServiceResource> getServiceResources(SearchFilter filter) throws Exception;
@@ -128,5 +128,5 @@ public interface TagStore {
Long getTagVersion(String serviceName);
- void deleteAllTagObjectsForService(String serviceName, boolean isResourePrivateTag) throws Exception;
+ void deleteAllTagObjectsForService(String serviceName) throws Exception;
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java
index 58052cf..5f22f0d 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/TagFileStore.java
@@ -732,15 +732,17 @@ public class TagFileStore extends AbstractTagStore {
}
@Override
- public RangerServiceResource getServiceResourceByResourceSignature(String resourceSignature) throws Exception {
+ public RangerServiceResource getServiceResourceByServiceAndResourceSignature(String serviceName, String resourceSignature) throws Exception {
if (LOG.isDebugEnabled()) {
- LOG.debug("==> TagFileStore.getServiceResourceByResourceSignature(" + resourceSignature + ")");
+ LOG.debug("==> TagFileStore.getServiceResourceByServiceAndResourceSignature(" + serviceName + ", " + resourceSignature + ")");
}
RangerServiceResource ret = null;
if (StringUtils.isNotBlank(resourceSignature)) {
- SearchFilter filter = new SearchFilter(SearchFilter.TAG_RESOURCE_SIGNATURE, resourceSignature);
+ SearchFilter filter = new SearchFilter();
+ filter.setParam(SearchFilter.TAG_RESOURCE_SERVICE_NAME, serviceName);
+ filter.setParam(SearchFilter.TAG_RESOURCE_SIGNATURE, resourceSignature);
List<RangerServiceResource> resources = getServiceResources(filter);
@@ -748,7 +750,7 @@ public class TagFileStore extends AbstractTagStore {
}
if (LOG.isDebugEnabled()) {
- LOG.debug("<== TagFileStore.getServiceResourceByResourceSignature(" + resourceSignature + "): " + ret);
+ LOG.debug("<== TagFileStore.getServiceResourceByServiceAndResourceSignature(" + serviceName + ", " + resourceSignature + "): " + ret);
}
return ret;
@@ -824,8 +826,13 @@ public class TagFileStore extends AbstractTagStore {
try {
RangerTagResourceMap tagResourceMap = getTagResourceMap(id);
+ Long tagId = tagResourceMap.getTagId();
+ RangerTag tag = getTag(tagId);
deleteTagResourceMap(tagResourceMap);
+ if (tag.getOwner() == RangerTag.OWNER_SERVICERESOURCE) {
+ deleteTag(tagId);
+ }
} catch (Exception excp) {
throw new Exception("failed to delete tagResourceMap with ID=" + id, excp);
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceTags.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceTags.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceTags.java
index 738a947..3c685e9 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceTags.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/ServiceTags.java
@@ -50,11 +50,7 @@ public class ServiceTags implements java.io.Serializable {
public static final String OP_DELETE = "delete";
public static final String OP_REPLACE = "replace";
- public static final String TAGMODEL_SHARED = "shared";
- public static final String TAGMODEL_RESOURCE_PRIVATE = "resource_private";
-
private String op = OP_ADD_OR_UPDATE;
- private String tagModel = TAGMODEL_SHARED;
private String serviceName;
private Long tagVersion;
private Date tagUpdateTime;
@@ -64,13 +60,12 @@ public class ServiceTags implements java.io.Serializable {
private Map<Long, List<Long>> resourceToTagIds;
public ServiceTags() {
- this(OP_ADD_OR_UPDATE, TAGMODEL_SHARED, null, 0L, null, null, null, null, null);
+ this(OP_ADD_OR_UPDATE, null, 0L, null, null, null, null, null);
}
- public ServiceTags(String op, String tagModel, String serviceName, Long tagVersion, Date tagUpdateTime, Map<Long, RangerTagDef> tagDefinitions,
+ public ServiceTags(String op, String serviceName, Long tagVersion, Date tagUpdateTime, Map<Long, RangerTagDef> tagDefinitions,
Map<Long, RangerTag> tags, List<RangerServiceResource> serviceResources, Map<Long, List<Long>> resourceToTagIds) {
setOp(op);
- setTagModel(tagModel);
setServiceName(serviceName);
setTagVersion(tagVersion);
setTagUpdateTime(tagUpdateTime);
@@ -87,13 +82,6 @@ public class ServiceTags implements java.io.Serializable {
}
/**
- * @return the tagModel
- */
- public String getTagModel() {
- return tagModel;
- }
-
- /**
* @return the serviceName
*/
public String getServiceName() {
@@ -107,14 +95,6 @@ public class ServiceTags implements java.io.Serializable {
this.op = op;
}
-
- /**
- * @param tagModel the tagModel to set
- */
- public void setTagModel(String tagModel) {
- this.tagModel = tagModel;
- }
-
/**
* @param serviceName the serviceName to set
*/
@@ -194,7 +174,6 @@ public class ServiceTags implements java.io.Serializable {
public StringBuilder toString(StringBuilder sb) {
sb.append("ServiceTags={")
.append("op=").append(op).append(", ")
- .append("tagModel=").append(tagModel).append(", ")
.append("serviceName=").append(serviceName).append(", ")
.append("tagVersion=").append(tagVersion).append(", ")
.append("tagUpdateTime={").append(tagUpdateTime).append("}")
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/agents-common/src/test/java/org/apache/ranger/plugin/store/TestTagStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/store/TestTagStore.java b/agents-common/src/test/java/org/apache/ranger/plugin/store/TestTagStore.java
index aaace89..eb2f17e 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/store/TestTagStore.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/store/TestTagStore.java
@@ -309,8 +309,9 @@ public class TestTagStore {
validator.preDeleteServiceResource(createdServiceResource.getId());
tagStore.deleteServiceResource(createdServiceResource.getId());
- validator.preDeleteTag(createdTag.getId());
- tagStore.deleteTag(createdTag.getId());
+ // private tags are deleted when TagResourceMap is deleted.. No need for deleting it here
+ //validator.preDeleteTag(createdTag.getId());
+ //tagStore.deleteTag(createdTag.getId());
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/security-admin/db/sqlserver/patches/021-update-tag-for-owner.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlserver/patches/021-update-tag-for-owner.sql b/security-admin/db/sqlserver/patches/021-update-tag-for-owner.sql
index dabe841..d07babc 100644
--- a/security-admin/db/sqlserver/patches/021-update-tag-for-owner.sql
+++ b/security-admin/db/sqlserver/patches/021-update-tag-for-owner.sql
@@ -19,4 +19,5 @@ BEGIN
ALTER TABLE [dbo].[x_tag] ADD [owned_by] [smallint] DEFAULT 0 NOT NULL;
END
GO
+
exit
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/security-admin/src/main/java/org/apache/ranger/biz/RangerTagDBRetriever.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerTagDBRetriever.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerTagDBRetriever.java
index 3b7555e..256db42 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerTagDBRetriever.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerTagDBRetriever.java
@@ -525,6 +525,7 @@ public class RangerTagDBRetriever {
ret.setId(xTag.getId());
ret.setGuid(xTag.getGuid());
+ ret.setOwner(xTag.getOwner());
ret.setCreatedBy(lookupCache.getUserScreenName(xTag.getAddedByUserId()));
ret.setUpdatedBy(lookupCache.getUserScreenName(xTag.getUpdatedByUserId()));
ret.setCreateTime(xTag.getCreateTime());
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
index cc2386e..28d7bf6 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/TagDBStore.java
@@ -39,6 +39,7 @@ import org.apache.ranger.entity.XXResourceDef;
import org.apache.ranger.entity.XXService;
import org.apache.ranger.entity.XXServiceDef;
import org.apache.ranger.entity.XXServiceResource;
+import org.apache.ranger.entity.XXTag;
import org.apache.ranger.entity.XXTagAttribute;
import org.apache.ranger.entity.XXTagAttributeDef;
import org.apache.ranger.entity.XXServiceResourceElement;
@@ -581,15 +582,21 @@ public class TagDBStore extends AbstractTagStore {
}
@Override
- public RangerServiceResource getServiceResourceByResourceSignature(String resourceSignature) throws Exception {
+ public RangerServiceResource getServiceResourceByServiceAndResourceSignature(String serviceName, String resourceSignature) throws Exception {
if (LOG.isDebugEnabled()) {
- LOG.debug("==> TagDBStore.getServiceResourceByResourceSignature(" + resourceSignature + ")");
+ LOG.debug("==> TagDBStore.getServiceResourceByServiceAndResourceSignature(" + serviceName + ", " + resourceSignature + ")");
}
- RangerServiceResource ret = rangerServiceResourceService.getByResourceSignature(resourceSignature);
+ RangerServiceResource ret = null;
+
+ XXService service = daoManager.getXXService().findByName(serviceName);
+
+ if (service != null) {
+ ret = rangerServiceResourceService.getByServiceAndResourceSignature(service.getId(), resourceSignature);
+ }
if (LOG.isDebugEnabled()) {
- LOG.debug("<== TagDBStore.getServiceResourceByResourceSignature(" + resourceSignature + "): " + ret);
+ LOG.debug("<== TagDBStore.getServiceResourceByServiceAndResourceSignature(" + serviceName + ", " + resourceSignature + "): " + ret);
}
return ret;
@@ -648,9 +655,15 @@ public class TagDBStore extends AbstractTagStore {
}
RangerTagResourceMap tagResourceMap = rangerTagResourceMapService.read(id);
+ Long tagId = tagResourceMap.getTagId();
+ RangerTag tag = getTag(tagId);
rangerTagResourceMapService.delete(tagResourceMap);
+ if (tag.getOwner() == RangerTag.OWNER_SERVICERESOURCE) {
+ deleteTag(tagId);
+ }
+
if (LOG.isDebugEnabled()) {
LOG.debug("<== TagDBStore.deleteTagResourceMap(" + id + ")");
}
@@ -1088,7 +1101,7 @@ public class TagDBStore extends AbstractTagStore {
}
@Override
- public void deleteAllTagObjectsForService(String serviceName, boolean isResourcePrivateFlag) throws Exception {
+ public void deleteAllTagObjectsForService(String serviceName) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> TagDBStore.deleteAllTagObjectsForService(" + serviceName + ")");
@@ -1099,6 +1112,10 @@ public class TagDBStore extends AbstractTagStore {
if (service != null) {
Long serviceId = service.getId();
+ List<XXTagAttribute> xxTagAttributes = daoManager.getXXTagAttribute().findByServiceIdAndOwner(serviceId, RangerTag.OWNER_SERVICERESOURCE);
+
+ List<XXTag> xxTags = daoManager.getXXTag().findByServiceIdAndOwner(serviceId, RangerTag.OWNER_SERVICERESOURCE);
+
List<XXTagResourceMap> xxTagResourceMaps = daoManager.getXXTagResourceMap().findByServiceId(serviceId);
if (CollectionUtils.isNotEmpty(xxTagResourceMaps)) {
@@ -1112,6 +1129,28 @@ public class TagDBStore extends AbstractTagStore {
}
}
+ if (CollectionUtils.isNotEmpty(xxTagAttributes)) {
+ for (XXTagAttribute xxTagAttribute : xxTagAttributes) {
+ try {
+ daoManager.getXXTagAttribute().remove(xxTagAttribute);
+ } catch (Exception e) {
+ LOG.error("Error deleting RangerTagAttribute with id=" + xxTagAttribute.getId(), e);
+ throw e;
+ }
+ }
+ }
+
+ if (CollectionUtils.isNotEmpty(xxTags)) {
+ for (XXTag xxTag : xxTags) {
+ try {
+ daoManager.getXXTag().remove(xxTag);
+ } catch (Exception e) {
+ LOG.error("Error deleting RangerTag with id=" + xxTag.getId(), e);
+ throw e;
+ }
+ }
+ }
+
List<XXServiceResourceElementValue> xxServiceResourceElementValues = daoManager.getXXServiceResourceElementValue().findByServiceId(serviceId);
if (CollectionUtils.isNotEmpty(xxServiceResourceElementValues)) {
@@ -1150,6 +1189,7 @@ public class TagDBStore extends AbstractTagStore {
}
}
}
+
}
if (LOG.isDebugEnabled()) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java b/security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java
index cdc44e0..15af0f0 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerServiceTagsCache.java
@@ -252,7 +252,6 @@ public class RangerServiceTagsCache {
private void pruneUnusedAttributes() {
if (serviceTags != null) {
serviceTags.setOp(null);
- serviceTags.setTagModel(null);
serviceTags.setTagUpdateTime(null);
serviceTags.setTagDefinitions(null);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/security-admin/src/main/java/org/apache/ranger/db/XXServiceResourceDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXServiceResourceDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXServiceResourceDao.java
index c990ae7..9257aaa 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXServiceResourceDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXServiceResourceDao.java
@@ -59,13 +59,14 @@ public class XXServiceResourceDao extends BaseDao<XXServiceResource> {
}
}
- public XXServiceResource findByResourceSignature(String resourceSignature) {
+ public XXServiceResource findByServiceAndResourceSignature(Long serviceId, String resourceSignature) {
if (StringUtils.isBlank(resourceSignature)) {
return null;
}
try {
- return getEntityManager().createNamedQuery("XXServiceResource.findByResourceSignature", tClass)
- .setParameter("resourceSignature", resourceSignature).getSingleResult();
+ return getEntityManager().createNamedQuery("XXServiceResource.findByServiceAndResourceSignature", tClass)
+ .setParameter("serviceId", serviceId).setParameter("resourceSignature", resourceSignature)
+ .getSingleResult();
} catch (NoResultException e) {
return null;
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/security-admin/src/main/java/org/apache/ranger/db/XXTagAttributeDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXTagAttributeDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXTagAttributeDao.java
index c993477..a30e543 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXTagAttributeDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXTagAttributeDao.java
@@ -57,6 +57,19 @@ public class XXTagAttributeDao extends BaseDao<XXTagAttribute> {
}
}
+ public List<XXTagAttribute> findByServiceIdAndOwner(Long serviceId, Short owner) {
+ if (serviceId == null) {
+ return new ArrayList<XXTagAttribute>();
+ }
+ try {
+ return getEntityManager().createNamedQuery("XXTagAttribute.findByServiceIdAndOwner", tClass)
+ .setParameter("serviceId", serviceId)
+ .setParameter("owner", owner)
+ .getResultList();
+ } catch (NoResultException e) {
+ return new ArrayList<XXTagAttribute>();
+ }
+ }
public List<XXTagAttribute> findByResourceId(Long resourceId) {
if (resourceId == null) {
return new ArrayList<XXTagAttribute>();
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/security-admin/src/main/java/org/apache/ranger/db/XXTagDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXTagDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXTagDao.java
index 3c9370b..a3fde2c 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXTagDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXTagDao.java
@@ -123,4 +123,19 @@ public class XXTagDao extends BaseDao<XXTag> {
return new ArrayList<XXTag>();
}
}
+
+ public List<XXTag> findByServiceIdAndOwner(Long serviceId, Short owner) {
+ if (serviceId == null) {
+ return new ArrayList<XXTag>();
+ }
+
+ try {
+ return getEntityManager().createNamedQuery("XXTag.findByServiceIdAndOwner", tClass)
+ .setParameter("serviceId", serviceId)
+ .setParameter("owner", owner)
+ .getResultList();
+ } catch (NoResultException e) {
+ return new ArrayList<XXTag>();
+ }
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/security-admin/src/main/java/org/apache/ranger/entity/XXTag.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXTag.java b/security-admin/src/main/java/org/apache/ranger/entity/XXTag.java
index 526557e..2ed6f73 100644
--- a/security-admin/src/main/java/org/apache/ranger/entity/XXTag.java
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXTag.java
@@ -200,7 +200,7 @@ public class XXTag extends XXDBBase implements Serializable {
sb.append("id={").append(id).append("} ");
sb.append("guid={").append(guid).append("} ");
sb.append("type={").append(type).append("} ");
- sb.append("owner={").append(owner).append("} ");
+ sb.append("owned_by={").append(owner).append("} ");
sb.append(" }");
return sb;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 0dbd042..8f01bfc 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -539,7 +539,7 @@ public class ServiceREST {
XXServiceDef xxServiceDef = daoManager.getXXServiceDef().getById(service.getType());
bizUtil.hasKMSPermissions("Service", xxServiceDef.getImplclassname());
- tagStore.deleteAllTagObjectsForService(service.getName(), false);
+ tagStore.deleteAllTagObjectsForService(service.getName());
svcStore.deleteService(id);
} catch(WebApplicationException excp) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java
index ebe71eb..7e6900e 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceTagsProcessor.java
@@ -32,6 +32,7 @@ import org.apache.ranger.plugin.store.RangerServiceResourceSignature;
import org.apache.ranger.plugin.store.TagStore;
import org.apache.ranger.plugin.util.ServiceTags;
+import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -53,7 +54,6 @@ public class ServiceTagsProcessor {
if (tagStore != null && serviceTags != null) {
if (LOG.isDebugEnabled()) {
LOG.debug("serviceTags: op=" + serviceTags.getOp());
- LOG.debug("serviceTags: tagModel=" + serviceTags.getTagModel());
}
String op = serviceTags.getOp();
@@ -88,11 +88,8 @@ public class ServiceTagsProcessor {
}
Map<Long, RangerTagDef> tagDefsInStore = new HashMap<Long, RangerTagDef>();
- Map<Long, RangerTag> tagsInStore = new HashMap<Long, RangerTag>();
Map<Long, RangerServiceResource> resourcesInStore = new HashMap<Long, RangerServiceResource>();
- boolean createOrUpdate = true;
-
if (MapUtils.isNotEmpty(serviceTags.getTagDefinitions())) {
RangerTagDef tagDef = null;
@@ -102,14 +99,12 @@ public class ServiceTagsProcessor {
RangerTagDef existing = null;
- if(createOrUpdate) {
- if(StringUtils.isNotEmpty(tagDef.getGuid())) {
- existing = tagStore.getTagDefByGuid(tagDef.getGuid());
- }
+ if(StringUtils.isNotEmpty(tagDef.getGuid())) {
+ existing = tagStore.getTagDefByGuid(tagDef.getGuid());
+ }
- if(existing == null && StringUtils.isNotEmpty(tagDef.getName())) {
- existing = tagStore.getTagDefByName(tagDef.getName());
- }
+ if(existing == null && StringUtils.isNotEmpty(tagDef.getName())) {
+ existing = tagStore.getTagDefByName(tagDef.getName());
}
RangerTagDef tagDefInStore = null;
@@ -123,9 +118,7 @@ public class ServiceTagsProcessor {
tagDefInStore = existing;
}
- if(tagDefsInStore != null) {
- tagDefsInStore.put(entry.getKey(), tagDefInStore);
- }
+ tagDefsInStore.put(entry.getKey(), tagDefInStore);
}
} catch (Exception exception) {
LOG.error("createTagDef failed, tagDef=" + tagDef, exception);
@@ -133,42 +126,6 @@ public class ServiceTagsProcessor {
}
}
- if (MapUtils.isNotEmpty(serviceTags.getTags())) {
- RangerTag tag = null;
-
- try {
- for (Map.Entry<Long, RangerTag> entry : serviceTags.getTags().entrySet()) {
- tag = entry.getValue();
-
- RangerTag existing = null;
-
- if(createOrUpdate) {
- if(StringUtils.isNotEmpty(tag.getGuid())) {
- existing = tagStore.getTagByGuid(tag.getGuid());
- }
- }
-
- RangerTag tagInStore = null;
-
- if(existing == null) {
- tagInStore = tagStore.createTag(tag);
- } else {
- tag.setId(existing.getId());
- tag.setGuid(existing.getGuid());
-
- tagInStore = tagStore.updateTag(tag);
- }
-
- if(tagsInStore != null) {
- tagsInStore.put(entry.getKey(), tagInStore);
- }
- }
- } catch (Exception exception) {
- LOG.error("createTag failed, tag=" + tag, exception);
- throw exception;
- }
- }
-
List<RangerServiceResource> resources = serviceTags.getServiceResources();
if (CollectionUtils.isNotEmpty(resources)) {
RangerServiceResource resource = null;
@@ -181,24 +138,22 @@ public class ServiceTagsProcessor {
String resourceSignature = null;
Long resourceId = resource.getId();
- if(createOrUpdate) {
- if(StringUtils.isNotEmpty(resource.getGuid())) {
- existing = tagStore.getServiceResourceByGuid(resource.getGuid());
- }
+ if(StringUtils.isNotEmpty(resource.getGuid())) {
+ existing = tagStore.getServiceResourceByGuid(resource.getGuid());
+ }
- if(existing == null) {
- if(MapUtils.isNotEmpty(resource.getResourceElements())) {
- RangerServiceResourceSignature serializer = new RangerServiceResourceSignature(resource);
+ if(existing == null) {
+ if(MapUtils.isNotEmpty(resource.getResourceElements())) {
+ RangerServiceResourceSignature serializer = new RangerServiceResourceSignature(resource);
- resourceSignature = serializer.getSignature();
+ resourceSignature = serializer.getSignature();
- existing = tagStore.getServiceResourceByResourceSignature(resourceSignature);
- }
+ existing = tagStore.getServiceResourceByServiceAndResourceSignature(resource.getServiceName(), resourceSignature);
}
+ }
- if(existing != null) {
- resourceSignature = existing.getResourceSignature();
- }
+ if(existing != null) {
+ resourceSignature = existing.getResourceSignature();
}
if(StringUtils.isEmpty(resourceSignature)) {
@@ -243,70 +198,141 @@ public class ServiceTagsProcessor {
}
// Get all tags associated with this resourceId
- List<Long> tagsToDelete = null;
+ List<RangerTag> associatedTags = null;
+
try {
- tagsToDelete = tagStore.getTagIdsForResourceId(resourceInStore.getId());
+ associatedTags = tagStore.getTagsForResourceId(resourceInStore.getId());
} catch (Exception exception) {
LOG.error("RangerTags cannot be retrieved for resource with guid=" + resourceInStore.getGuid());
throw exception;
}
+ List<RangerTag> tagsToRetain = new ArrayList<RangerTag>();
+
List<Long> tagIds = entry.getValue();
try {
for (Long tagId : tagIds) {
- RangerTag tagInStore = tagsInStore.get(tagId);
+ RangerTag incomingTag = MapUtils.isNotEmpty(serviceTags.getTags()) ? serviceTags.getTags().get(tagId) : null;
- if (tagInStore == null) {
+ if (incomingTag == null) {
LOG.error("Tag (id=" + tagId + ") not found. Skipping addition of this tag for resource (id=" + resourceId + ")");
continue;
}
- RangerTagResourceMap existing = null;
-
- if(createOrUpdate) {
- existing = tagStore.getTagResourceMapForTagAndResourceId(tagInStore.getId(), resourceInStore.getId());
- }
+ RangerTag matchingTag = findMatchingTag(incomingTag, associatedTags);
+ if (matchingTag == null) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Did not find matching tag for tagId=" + tagId);
+ }
+ // create new tag from incoming tag and associate it with service-resource
+ RangerTag newTag = tagStore.createTag(incomingTag);
- if(existing == null) {
RangerTagResourceMap tagResourceMap = new RangerTagResourceMap();
- tagResourceMap.setTagId(tagInStore.getId());
+ tagResourceMap.setTagId(newTag.getId());
tagResourceMap.setResourceId(resourceInStore.getId());
tagResourceMap = tagStore.createTagResourceMap(tagResourceMap);
+
+ associatedTags.add(newTag);
+ tagsToRetain.add(newTag);
+
+ continue;
+
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Found matching tag for tagId=" + tagId + ", matchingTag=" + matchingTag);
}
- if(tagsToDelete != null) {
- tagsToDelete.remove((Long)tagInStore.getId());
+ if (isResourcePrivateTag(incomingTag)) {
+ if (!isResourcePrivateTag(matchingTag)) {
+ // create new tag from incoming tag and associate it with service-resource
+ RangerTag newTag = tagStore.createTag(incomingTag);
+
+ RangerTagResourceMap tagResourceMap = new RangerTagResourceMap();
+
+ tagResourceMap.setTagId(newTag.getId());
+ tagResourceMap.setResourceId(resourceInStore.getId());
+
+ tagResourceMap = tagStore.createTagResourceMap(tagResourceMap);
+
+ associatedTags.add(newTag);
+ tagsToRetain.add(newTag);
+
+ } else {
+ // Keep this tag, but update it with attribute-values from incoming tag
+ tagsToRetain.add(matchingTag);
+
+ if (StringUtils.equals(incomingTag.getGuid(), matchingTag.getGuid())) {
+ // matching tag was found because of Guid match
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Updating existing private tag with id=" + matchingTag.getId());
+ }
+ // update private tag with new values
+ incomingTag.setId(matchingTag.getId());
+ tagStore.updateTag(incomingTag);
+ }
+ }
+ } else { // shared model
+ if (isResourcePrivateTag(matchingTag)) {
+ // create new tag from incoming tag and associate it with service-resource
+ RangerTag newTag = tagStore.createTag(incomingTag);
+
+ RangerTagResourceMap tagResourceMap = new RangerTagResourceMap();
+
+ tagResourceMap.setTagId(newTag.getId());
+ tagResourceMap.setResourceId(resourceInStore.getId());
+
+ tagResourceMap = tagStore.createTagResourceMap(tagResourceMap);
+
+ associatedTags.add(newTag);
+ tagsToRetain.add(newTag);
+
+ } else {
+ // Keep this tag, but update it with attribute-values from incoming tag
+ tagsToRetain.add(matchingTag);
+
+ // Update shared tag with new values
+ incomingTag.setId(matchingTag.getId());
+ tagStore.updateTag(incomingTag);
+
+ // associate with service-resource if not already associated
+ if (findTagInList(matchingTag, associatedTags) == null) {
+ RangerTagResourceMap tagResourceMap = new RangerTagResourceMap();
+
+ tagResourceMap.setTagId(matchingTag.getId());
+ tagResourceMap.setResourceId(resourceInStore.getId());
+
+ tagResourceMap = tagStore.createTagResourceMap(tagResourceMap);
+ }
+
+ }
}
+
}
} catch (Exception exception) {
LOG.error("createRangerTagResourceMap failed", exception);
throw exception;
}
- if (CollectionUtils.isNotEmpty(tagsToDelete)) {
+ if (CollectionUtils.isNotEmpty(associatedTags)) {
Long tagId = null;
try {
- for(int i = 0; i < tagsToDelete.size(); i++) {
- tagId = tagsToDelete.get(i);
+ for (RangerTag associatedTag : associatedTags) {
+ if (findTagInList(associatedTag, tagsToRetain) == null) {
- RangerTagResourceMap tagResourceMap = tagStore.getTagResourceMapForTagAndResourceId(tagId, resourceInStore.getId());
+ tagId = associatedTag.getId();
- if(tagResourceMap != null) {
- tagStore.deleteTagResourceMap(tagResourceMap.getId());
- }
+ RangerTagResourceMap tagResourceMap = tagStore.getTagResourceMapForTagAndResourceId(tagId, resourceInStore.getId());
- if (LOG.isDebugEnabled()) {
- LOG.debug("Deleted tagResourceMap(tagId=" + tagId + ", resourceId=" + resourceInStore.getId());
- }
-
- if (StringUtils.equals(serviceTags.getTagModel(), ServiceTags.TAGMODEL_RESOURCE_PRIVATE)) {
- tagStore.deleteTag(tagId);
+ if (tagResourceMap != null) {
+ tagStore.deleteTagResourceMap(tagResourceMap.getId());
+ }
if (LOG.isDebugEnabled()) {
- LOG.debug("Deleted tag(tagId=" + tagId + ") as tagModel=" + ServiceTags.TAGMODEL_RESOURCE_PRIVATE);
+ LOG.debug("Deleted tagResourceMap(tagId=" + tagId + ", resourceId=" + resourceInStore.getId());
}
}
}
@@ -323,6 +349,84 @@ public class ServiceTagsProcessor {
}
}
+ private RangerTag findTagInList(RangerTag object, List<RangerTag> list) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceTagsProcessor.findTagInList(): object=" + (object == null ? null : object.getId()));
+ }
+ RangerTag ret = null;
+ if (object != null) {
+ for (RangerTag tag : list) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceTagsProcessor.findTagInList(): tag=" + tag.getId());
+ }
+ if (tag.getId().equals(object.getId())) {
+ ret = tag;
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceTagsProcessor.findTagInList(): found tag=" + tag.getId());
+ }
+ break;
+ }
+ }
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceTagsProcessor.findTagInList(): ret=" + (ret == null ? null : ret.getId()));
+ }
+ return ret;
+ }
+ private boolean isResourcePrivateTag(RangerTag tag) {
+ return tag.getOwner() == RangerTag.OWNER_SERVICERESOURCE;
+ }
+
+ private RangerTag findMatchingTag(RangerTag incomingTag, List<RangerTag> existingTags) throws Exception {
+
+ RangerTag ret = null;
+
+ if(StringUtils.isNotEmpty(incomingTag.getGuid())) {
+ ret = tagStore.getTagByGuid(incomingTag.getGuid());
+ }
+
+ if (ret == null) {
+
+ if (isResourcePrivateTag(incomingTag)) {
+
+ for (RangerTag existingTag : existingTags) {
+
+ if (StringUtils.equals(incomingTag.getType(), existingTag.getType())) {
+
+ // Check attribute values
+ Map<String, String> incomingTagAttributes = incomingTag.getAttributes();
+ Map<String, String> existingTagAttributes = existingTag.getAttributes();
+
+ if (CollectionUtils.isEqualCollection(incomingTagAttributes.keySet(), existingTagAttributes.keySet())) {
+
+ boolean matched = true;
+
+ for (Map.Entry<String, String> entry : incomingTagAttributes.entrySet()) {
+
+ String key = entry.getKey();
+ String value = entry.getValue();
+
+ if (!StringUtils.equals(value, existingTagAttributes.get(key))) {
+ matched = false;
+ break;
+ }
+
+ }
+ if (matched) {
+ ret = existingTag;
+ break;
+ }
+ }
+
+ }
+ }
+ }
+
+ }
+
+ return ret;
+ }
+
private void delete(ServiceTags serviceTags) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceTagsProcessor.delete()");
@@ -332,7 +436,6 @@ public class ServiceTagsProcessor {
List<RangerServiceResource> serviceResources = serviceTags.getServiceResources();
if (CollectionUtils.isNotEmpty(serviceResources)) {
- boolean isResourePrivateTag = StringUtils.equals(serviceTags.getTagModel(), ServiceTags.TAGMODEL_RESOURCE_PRIVATE) ? true : false;
for (RangerServiceResource serviceResource : serviceResources) {
try {
@@ -344,13 +447,7 @@ public class ServiceTagsProcessor {
if (CollectionUtils.isNotEmpty(tagResourceMaps)) {
for (RangerTagResourceMap tagResourceMap : tagResourceMaps) {
- long tagId = tagResourceMap.getTagId();
-
tagStore.deleteTagResourceMap(tagResourceMap.getId());
-
- if(isResourePrivateTag) {
- tagStore.deleteTag(tagId);
- }
}
}
@@ -408,9 +505,7 @@ public class ServiceTagsProcessor {
LOG.debug("==> ServiceTagsProcessor.replace()");
}
- boolean isResourePrivateTag = StringUtils.equals(serviceTags.getTagModel(), ServiceTags.TAGMODEL_RESOURCE_PRIVATE) ? true : false;
-
- tagStore.deleteAllTagObjectsForService(serviceTags.getServiceName(), isResourePrivateTag);
+ tagStore.deleteAllTagObjectsForService(serviceTags.getServiceName());
addOrUpdate(serviceTags);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
index 378ff0b..c69ceed 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
@@ -778,26 +778,27 @@ public class TagREST {
}
@GET
- @Path(TagRESTConstants.RESOURCE_RESOURCE + "signature/{resourceSignature}")
+ @Path(TagRESTConstants.RESOURCE_RESOURCE + "service/{serviceName}/signature/{resourceSignature}")
@Produces({ "application/json", "application/xml" })
@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- public RangerServiceResource getServiceResourceByResourceSignature(@PathParam("resourceSignature") String resourceSignature) {
+ public RangerServiceResource getServiceResourceByServiceAndResourceSignature(@PathParam("serviceName") String serviceName,
+ @PathParam("resourceSignature") String resourceSignature) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> TagREST.getServiceResourceByResourceSignature(" + resourceSignature + ")");
+ LOG.debug("==> TagREST.getServiceResourceByServiceAndResourceSignature(" + serviceName + ", " + resourceSignature + ")");
}
RangerServiceResource ret = null;
try {
- ret = tagStore.getServiceResourceByResourceSignature(resourceSignature);
+ ret = tagStore.getServiceResourceByServiceAndResourceSignature(serviceName, resourceSignature);
} catch(Exception excp) {
- LOG.error("getServiceResourceByResourceSignature(" + resourceSignature + ") failed", excp);
+ LOG.error("getServiceResourceByServiceAndResourceSignature(" + serviceName + ", " + resourceSignature + ") failed", excp);
throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, excp.getMessage(), true);
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== TagREST.getServiceResourceByResourceSignature(" + resourceSignature + "): " + ret);
+ LOG.debug("<== TagREST.getServiceResourceByServiceAndResourceSignature(" + serviceName + ", " + resourceSignature + "): " + ret);
}
return ret;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceService.java
index 5cf26c9..abaeac8 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceResourceService.java
@@ -91,10 +91,10 @@ public class RangerServiceResourceService extends RangerServiceResourceServiceBa
return ret;
}
- public RangerServiceResource getByResourceSignature(String resourceSignature) {
+ public RangerServiceResource getByServiceAndResourceSignature(Long serviceId, String resourceSignature) {
RangerServiceResource ret = null;
- XXServiceResource xxServiceResource = daoMgr.getXXServiceResource().findByResourceSignature(resourceSignature);
+ XXServiceResource xxServiceResource = daoMgr.getXXServiceResource().findByServiceAndResourceSignature(serviceId, resourceSignature);
if(xxServiceResource != null) {
ret = populateViewBean(xxServiceResource);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index 2bb66ca..739b5ca 100644
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -891,6 +891,13 @@
</query>
</named-query>
+ <named-query name="XXTag.findByServiceIdAndOwner">
+ <query>select obj from XXTag obj where obj.owner = :owner and obj.id in
+ (select tagRes.tagId from XXTagResourceMap tagRes, XXServiceResource resource where tagRes.resourceId = resource.id and resource.serviceId = :serviceId)
+ order by obj.id
+ </query>
+ </named-query>
+
<named-query name="XXTagAttribute.findByTagId">
<query>select obj from XXTagAttribute obj where obj.tagId = :tagId</query>
</named-query>
@@ -902,6 +909,15 @@
</query>
</named-query>
+ <named-query name="XXTagAttribute.findByServiceIdAndOwner">
+ <query>select obj from XXTagAttribute obj where obj.tagId in
+ (select tag.id from XXTag tag where tag.owner = :owner and tag.id in
+ (select tagRes.tagId from XXTagResourceMap tagRes, XXServiceResource resource where tagRes.resourceId = resource.id and resource.serviceId = :serviceId)
+ )
+ order by obj.tagId
+ </query>
+ </named-query>
+
<named-query name="XXTagAttribute.findByResourceId">
<query>select obj from XXTagAttribute obj where obj.tagId in
(select tagRes.tagId from XXTagResourceMap tagRes where tagRes.resourceId = :resourceId)
@@ -926,8 +942,8 @@
</query>
</named-query>
- <named-query name="XXServiceResource.findByResourceSignature">
- <query>select obj from XXServiceResource obj where obj.resourceSignature = :resourceSignature</query>
+ <named-query name="XXServiceResource.findByServiceAndResourceSignature">
+ <query>select obj from XXServiceResource obj where obj.serviceId = :serviceId and obj.resourceSignature = :resourceSignature</query>
</named-query>
<!-- End <== JPA Queries for Tag Based Policies -->
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/tagsync/samples/tags.json
----------------------------------------------------------------------
diff --git a/tagsync/samples/tags.json b/tagsync/samples/tags.json
index 3028f9d..fe57135 100644
--- a/tagsync/samples/tags.json
+++ b/tagsync/samples/tags.json
@@ -1,20 +1,19 @@
{
"op": "add_or_update",
- "tagModel": "resource_private",
"serviceName": "cl1_hive",
"tagVersion": 1,
"tagUpdateTime": "20150924-22:26:33.000-+0000",
"tagDefinitions": {
- "1":{"id":1, "guid":"tagdef-1", "name":"PII", "attributeDefs":[]},
- "2":{"id":2, "guid":"tagdef-2", "name":"EXPIRES_ON", "attributeDefs":[{"name":"expiry_date", "type":"date"}]},
- "3":{"id":3, "guid":"tagdef-3", "name":"FINANCE", "attributeDefs":[]},
- "4":{"id":4, "guid":"tagdef-4", "name":"AUDIT", "attributeDefs":[]}
+ "1":{"id":1, "guid":"tagdef-1", "name":"PII", "attributeDefs":[], "owner":0},
+ "2":{"id":2, "guid":"tagdef-2", "name":"EXPIRES_ON", "attributeDefs":[{"name":"expiry_date", "type":"date"}], "owner":0},
+ "3":{"id":3, "guid":"tagdef-3", "name":"FINANCE", "attributeDefs":[], "owner":0},
+ "4":{"id":4, "guid":"tagdef-4", "name":"AUDIT", "attributeDefs":[], "owner":0}
},
"tags": {
- "1":{"id":1, "guid":"tag-1", "type":"PII", "attributes":{}},
- "2":{"id":2, "guid":"tag-2", "type":"EXPIRES_ON", "attributes":{"expiry_date":"2015/08/31"}},
- "3":{"id":3, "guid":"tag-3", "type":"FINANCE", "attributes":{}},
- "4":{"id":4, "guid":"tag-4", "type":"AUDIT", "attributes":{}}
+ "1":{"id":1, "guid":"tag-1", "type":"PII", "attributes":{}, "owner":0},
+ "2":{"id":2, "guid":"tag-2", "type":"EXPIRES_ON", "attributes":{"expiry_date":"2015/08/31"}, "owner":0},
+ "3":{"id":3, "guid":"tag-3", "type":"FINANCE", "attributes":{}, "owner":0},
+ "4":{"id":4, "guid":"tag-4", "type":"AUDIT", "attributes":{}, "owner":0}
},
"serviceResources": [
{
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/tagsync/src/main/java/org/apache/ranger/tagsync/source/atlas/AtlasNotificationMapper.java
----------------------------------------------------------------------
diff --git a/tagsync/src/main/java/org/apache/ranger/tagsync/source/atlas/AtlasNotificationMapper.java b/tagsync/src/main/java/org/apache/ranger/tagsync/source/atlas/AtlasNotificationMapper.java
index 2168983..a9316b5 100644
--- a/tagsync/src/main/java/org/apache/ranger/tagsync/source/atlas/AtlasNotificationMapper.java
+++ b/tagsync/src/main/java/org/apache/ranger/tagsync/source/atlas/AtlasNotificationMapper.java
@@ -201,7 +201,6 @@ public class AtlasNotificationMapper {
}
ret.setOp(ServiceTags.OP_ADD_OR_UPDATE);
- ret.setTagModel(ServiceTags.TAGMODEL_RESOURCE_PRIVATE);
ret.setServiceName(serviceName);
}
@@ -232,7 +231,7 @@ public class AtlasNotificationMapper {
LOG.error("Could not get values for trait:" + trait.getTypeName(), exception);
}
- ret.add(new RangerTag(trait.getTypeName(), tagAttrs));
+ ret.add(new RangerTag(null, trait.getTypeName(), tagAttrs, RangerTag.OWNER_SERVICERESOURCE));
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/38b79e72/tagsync/src/main/resources/etc/ranger/data/tags.json
----------------------------------------------------------------------
diff --git a/tagsync/src/main/resources/etc/ranger/data/tags.json b/tagsync/src/main/resources/etc/ranger/data/tags.json
index b4cd736..8861e03 100644
--- a/tagsync/src/main/resources/etc/ranger/data/tags.json
+++ b/tagsync/src/main/resources/etc/ranger/data/tags.json
@@ -1,6 +1,5 @@
{
"op":"add_or_update",
- "tagModel": "resource_private",
"serviceName": "cl1_hive",
"tagDefinitions": {
"1": {
@@ -23,7 +22,8 @@
"expiry_date": "2014/12/31"
},
"id": 1,
- "guid": "tag-1-guid"
+ "guid": "tag-1-guid",
+ "owner":0
}
},
"serviceResources": [