You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2015/04/05 08:37:53 UTC
incubator-ranger git commit: RANGER-371: policy search fix to use
resource value specified in the filter
Repository: incubator-ranger
Updated Branches:
refs/heads/master f5317ec95 -> 10f5fd607
RANGER-371: policy search fix to use resource value specified in the filter
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/10f5fd60
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/10f5fd60
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/10f5fd60
Branch: refs/heads/master
Commit: 10f5fd6072c46222022816f302f06e51ea078597
Parents: f5317ec
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Sat Apr 4 15:09:33 2015 -0700
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Sat Apr 4 15:09:33 2015 -0700
----------------------------------------------------------------------
.../plugin/store/AbstractServiceStore.java | 686 +++++++++++++++++++
.../ranger/plugin/store/file/BaseFileStore.java | 3 +-
.../plugin/store/file/ServiceFileStore.java | 631 +----------------
.../ranger/plugin/util/PolicyRefresher.java | 1 -
.../apache/ranger/plugin/util/SearchFilter.java | 16 +-
.../org/apache/ranger/biz/ServiceDBStore.java | 26 +-
.../apache/ranger/common/RangerSearchUtil.java | 37 +-
.../java/org/apache/ranger/rest/PublicAPIs.java | 11 +-
.../org/apache/ranger/rest/ServiceREST.java | 23 +-
.../ranger/service/RangerPolicyService.java | 2 +-
.../ranger/service/RangerServiceDefService.java | 2 +-
.../ranger/service/RangerServiceService.java | 2 +-
12 files changed, 786 insertions(+), 654 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/10f5fd60/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
new file mode 100644
index 0000000..ee480fa
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractServiceStore.java
@@ -0,0 +1,686 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.store;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
+import org.apache.commons.collections.Predicate;
+import org.apache.commons.collections.PredicateUtils;
+import org.apache.commons.io.FilenameUtils;
+import org.apache.commons.lang.ObjectUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.plugin.model.RangerBaseModelObject;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
+import org.apache.ranger.plugin.util.SearchFilter;
+
+public abstract class AbstractServiceStore implements ServiceStore {
+ private static Map<String, Comparator<RangerBaseModelObject>> sorterMap = new HashMap<String, Comparator<RangerBaseModelObject>>();
+
+ public void applyFilter(List<? extends RangerBaseModelObject> objList, SearchFilter filter) {
+ if(CollectionUtils.isEmpty(objList)) {
+ return;
+ }
+
+ Predicate pred = getPredicate(filter);
+
+ if(pred != null) {
+ CollectionUtils.filter(objList, pred);
+ }
+
+ Comparator<RangerBaseModelObject> sorter = getSorter(filter);
+
+ if(sorter != null) {
+ Collections.sort(objList, sorter);
+ }
+ }
+
+ public Predicate getPredicate(SearchFilter filter) {
+ if(filter == null || filter.isEmpty()) {
+ return null;
+ }
+
+ List<Predicate> predicates = new ArrayList<Predicate>();
+
+ addPredicateForServiceType(filter.getParam(SearchFilter.SERVICE_TYPE), predicates);
+ addPredicateForServiceTypeId(filter.getParam(SearchFilter.SERVICE_TYPE_ID), predicates);
+ addPredicateForServiceName(filter.getParam(SearchFilter.SERVICE_NAME), predicates);
+ addPredicateForServiceId(filter.getParam(SearchFilter.SERVICE_ID), predicates);
+ addPredicateForPolicyName(filter.getParam(SearchFilter.POLICY_NAME), predicates);
+ addPredicateForPolicyId(filter.getParam(SearchFilter.POLICY_ID), predicates);
+ addPredicateForIsEnabled(filter.getParam(SearchFilter.IS_ENABLED), predicates);
+ addPredicateForIsRecursive(filter.getParam(SearchFilter.IS_RECURSIVE), predicates);
+ addPredicateForUserName(filter.getParam(SearchFilter.USER), predicates);
+ addPredicateForGroupName(filter.getParam(SearchFilter.GROUP), predicates);
+ addPredicateForResources(filter.getParamsWithPrefix(SearchFilter.RESOURCE_PREFIX, true), predicates);
+
+ Predicate ret = CollectionUtils.isEmpty(predicates) ? null : PredicateUtils.allPredicate(predicates);
+
+ return ret;
+ }
+
+ public Comparator<RangerBaseModelObject> getSorter(SearchFilter filter) {
+ String sortBy = filter == null ? null : filter.getParam(SearchFilter.SORT_BY);
+
+ if(StringUtils.isEmpty(sortBy)) {
+ return null;
+ }
+
+ Comparator<RangerBaseModelObject> ret = sorterMap.get(sortBy);
+
+ return ret;
+ }
+
+ protected final static Comparator<RangerBaseModelObject> idComparator = new Comparator<RangerBaseModelObject>() {
+ @Override
+ public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
+ Long val1 = (o1 != null) ? o1.getId() : null;
+ Long val2 = (o2 != null) ? o2.getId() : null;
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ protected final static Comparator<RangerBaseModelObject> createTimeComparator = new Comparator<RangerBaseModelObject>() {
+ @Override
+ public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
+ Date val1 = (o1 != null) ? o1.getCreateTime() : null;
+ Date val2 = (o2 != null) ? o2.getCreateTime() : null;
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ protected final static Comparator<RangerBaseModelObject> updateTimeComparator = new Comparator<RangerBaseModelObject>() {
+ @Override
+ public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
+ Date val1 = (o1 != null) ? o1.getUpdateTime() : null;
+ Date val2 = (o2 != null) ? o2.getUpdateTime() : null;
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ protected final static Comparator<RangerBaseModelObject> serviceDefNameComparator = new Comparator<RangerBaseModelObject>() {
+ @Override
+ public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
+ String val1 = null;
+ String val2 = null;
+
+ if(o1 != null) {
+ if(o1 instanceof RangerServiceDef) {
+ val1 = ((RangerServiceDef)o1).getName();
+ } else if(o1 instanceof RangerService) {
+ val1 = ((RangerService)o1).getType();
+ }
+ }
+
+ if(o2 != null) {
+ if(o2 instanceof RangerServiceDef) {
+ val2 = ((RangerServiceDef)o2).getName();
+ } else if(o2 instanceof RangerService) {
+ val2 = ((RangerService)o2).getType();
+ }
+ }
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ protected final static Comparator<RangerBaseModelObject> serviceNameComparator = new Comparator<RangerBaseModelObject>() {
+ @Override
+ public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
+ String val1 = null;
+ String val2 = null;
+
+ if(o1 != null) {
+ if(o1 instanceof RangerPolicy) {
+ val1 = ((RangerPolicy)o1).getService();
+ } else if(o1 instanceof RangerService) {
+ val1 = ((RangerService)o1).getType();
+ }
+ }
+
+ if(o2 != null) {
+ if(o2 instanceof RangerPolicy) {
+ val2 = ((RangerPolicy)o2).getService();
+ } else if(o2 instanceof RangerService) {
+ val2 = ((RangerService)o2).getType();
+ }
+ }
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ protected final static Comparator<RangerBaseModelObject> policyNameComparator = new Comparator<RangerBaseModelObject>() {
+ @Override
+ public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
+ String val1 = (o1 != null && o1 instanceof RangerPolicy) ? ((RangerPolicy)o1).getName() : null;
+ String val2 = (o2 != null && o2 instanceof RangerPolicy) ? ((RangerPolicy)o2).getName() : null;
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ protected final static Comparator<RangerResourceDef> resourceLevelComparator = new Comparator<RangerResourceDef>() {
+ @Override
+ public int compare(RangerResourceDef o1, RangerResourceDef o2) {
+ Integer val1 = (o1 != null) ? o1.getLevel() : null;
+ Integer val2 = (o2 != null) ? o2.getLevel() : null;
+
+ return ObjectUtils.compare(val1, val2);
+ }
+ };
+
+ static {
+ sorterMap.put(SearchFilter.SERVICE_TYPE, serviceDefNameComparator);
+ sorterMap.put(SearchFilter.SERVICE_TYPE_ID, idComparator);
+ sorterMap.put(SearchFilter.SERVICE_NAME, serviceNameComparator);
+ sorterMap.put(SearchFilter.SERVICE_TYPE_ID, idComparator);
+ sorterMap.put(SearchFilter.POLICY_NAME, policyNameComparator);
+ sorterMap.put(SearchFilter.POLICY_ID, idComparator);
+ sorterMap.put(SearchFilter.CREATE_TIME, createTimeComparator);
+ sorterMap.put(SearchFilter.UPDATE_TIME, updateTimeComparator);
+ }
+
+ private String getServiceType(String serviceName) {
+ RangerService service = null;
+
+ try {
+ service = getServiceByName(serviceName);
+ } catch(Exception excp) {
+ // ignore
+ }
+
+ return service != null ? service.getType() : null;
+ }
+
+ private Long getServiceId(String serviceName) {
+ RangerService service = null;
+
+ try {
+ service = getServiceByName(serviceName);
+ } catch(Exception excp) {
+ // ignore
+ }
+
+ return service != null ? service.getId() : null;
+ }
+
+ private Predicate addPredicateForServiceType(final String serviceType, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(serviceType)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ ret = StringUtils.equals(serviceType, getServiceType(policy.getService()));
+ } else if(object instanceof RangerService) {
+ RangerService service = (RangerService)object;
+
+ ret = StringUtils.equals(serviceType, service.getType());
+ } else if(object instanceof RangerServiceDef) {
+ RangerServiceDef serviceDef = (RangerServiceDef)object;
+
+ ret = StringUtils.equals(serviceType, serviceDef.getName());
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForServiceTypeId(final String serviceTypeId, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(serviceTypeId)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerServiceDef) {
+ RangerServiceDef serviceDef = (RangerServiceDef)object;
+ Long svcDefId = serviceDef.getId();
+
+ if(svcDefId != null) {
+ ret = StringUtils.equals(serviceTypeId, svcDefId.toString());
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForServiceName(final String serviceName, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(serviceName)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ ret = StringUtils.equals(serviceName, policy.getService());
+ } else if(object instanceof RangerService) {
+ RangerService service = (RangerService)object;
+
+ ret = StringUtils.equals(serviceName, service.getName());
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(ret != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForServiceId(final String serviceId, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(serviceId)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+ Long svcId = getServiceId(policy.getService());
+
+ if(svcId != null) {
+ ret = StringUtils.equals(serviceId, svcId.toString());
+ }
+ } else if(object instanceof RangerService) {
+ RangerService service = (RangerService)object;
+
+ if(service.getId() != null) {
+ ret = StringUtils.equals(serviceId, service.getId().toString());
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForPolicyName(final String policyName, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(policyName)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ ret = StringUtils.equals(policyName, policy.getName());
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForPolicyId(final String policyId, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(policyId)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ if(policy.getId() != null) {
+ ret = StringUtils.equals(policyId, policy.getId().toString());
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForUserName(final String userName, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(userName)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
+ if(policyItem.getUsers().contains(userName)) {
+ ret = true;
+
+ break;
+ }
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForGroupName(final String groupName, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(groupName)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
+ if(policyItem.getGroups().contains(groupName)) {
+ ret = true;
+
+ break;
+ }
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForIsEnabled(final String status, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(status)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerBaseModelObject) {
+ RangerBaseModelObject obj = (RangerBaseModelObject)object;
+
+ if(Boolean.parseBoolean(status)) {
+ ret = obj.getIsEnabled();
+ } else {
+ ret = !obj.getIsEnabled();
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForResources(final Map<String, String> resources, List<Predicate> predicates) {
+ if(MapUtils.isEmpty(resources)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ if(! MapUtils.isEmpty(policy.getResources())) {
+ int numFound = 0;
+ for(String name : resources.keySet()) {
+ boolean isMatch = false;
+
+ RangerPolicyResource policyResource = policy.getResources().get(name);
+
+ if(policyResource != null && !CollectionUtils.isEmpty(policyResource.getValues())) {
+ String val = resources.get(name);
+
+ if(policyResource.getValues().contains(val)) {
+ isMatch = true;
+ } else {
+ for(String policyResourceValue : policyResource.getValues()) {
+ if(FilenameUtils.wildcardMatch(val, policyResourceValue)) {
+ isMatch = true;
+ break;
+ }
+ }
+ }
+ }
+
+ if(isMatch) {
+ numFound++;
+ } else {
+ break;
+ }
+ }
+
+ ret = numFound == resources.size();
+ }
+ } else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+
+ private Predicate addPredicateForIsRecursive(final String isRecursiveStr, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(isRecursiveStr)) {
+ return null;
+ }
+
+ final boolean isRecursive = Boolean.parseBoolean(isRecursiveStr);
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = true;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ if(! MapUtils.isEmpty(policy.getResources())) {
+ for(Map.Entry<String, RangerPolicyResource> e : policy.getResources().entrySet()) {
+ RangerPolicyResource resValue = e.getValue();
+
+ if(resValue.getIsRecursive() == null) {
+ ret = !isRecursive;
+ } else {
+ ret = resValue.getIsRecursive().booleanValue() == isRecursive;
+ }
+
+ if(ret) {
+ break;
+ }
+ }
+ }
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/10f5fd60/agents-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
index 001feb5..9785e77 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/BaseFileStore.java
@@ -41,11 +41,12 @@ import org.apache.ranger.plugin.model.RangerBaseModelObject;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.store.AbstractServiceStore;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
-public class BaseFileStore {
+public abstract class BaseFileStore extends AbstractServiceStore {
private static final Log LOG = LogFactory.getLog(BaseFileStore.class);
private Gson gsonBuilder = null;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/10f5fd60/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
index 28e5c8c..b90de22 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/file/ServiceFileStore.java
@@ -23,15 +23,9 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
-import java.util.HashMap;
import java.util.List;
-import java.util.Map;
import org.apache.commons.collections.CollectionUtils;
-import org.apache.commons.collections.MapUtils;
-import org.apache.commons.collections.Predicate;
-import org.apache.commons.collections.PredicateUtils;
-import org.apache.commons.io.FilenameUtils;
import org.apache.commons.lang.ObjectUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
@@ -40,19 +34,14 @@ import org.apache.hadoop.fs.Path;
import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
import org.apache.ranger.plugin.model.RangerBaseModelObject;
import org.apache.ranger.plugin.model.RangerPolicy;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
-import org.apache.ranger.plugin.resourcematcher.RangerAbstractResourceMatcher;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
-import org.apache.ranger.plugin.store.ServiceStore;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.plugin.util.ServicePolicies;
-public class ServiceFileStore extends BaseFileStore implements ServiceStore {
+public class ServiceFileStore extends BaseFileStore {
private static final Log LOG = LogFactory.getLog(ServiceFileStore.class);
public static final String PROPERTY_SERVICE_FILE_STORE_DIR = "ranger.service.store.file.dir";
@@ -930,622 +919,4 @@ public class ServiceFileStore extends BaseFileStore implements ServiceStore {
return ret;
}
-
- private String getServiceType(String serviceName) {
- RangerService service = null;
-
- try {
- service = getServiceByName(serviceName);
- } catch(Exception excp) {
- // ignore
- }
-
- return service != null ? service.getType() : null;
- }
-
- private Long getServiceId(String serviceName) {
- RangerService service = null;
-
- try {
- service = getServiceByName(serviceName);
- } catch(Exception excp) {
- // ignore
- }
-
- return service != null ? service.getId() : null;
- }
-
- private final static Comparator<RangerBaseModelObject> idComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- Long val1 = (o1 != null) ? o1.getId() : null;
- Long val2 = (o2 != null) ? o2.getId() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private final static Comparator<RangerBaseModelObject> createTimeComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- Date val1 = (o1 != null) ? o1.getCreateTime() : null;
- Date val2 = (o2 != null) ? o2.getCreateTime() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private final static Comparator<RangerBaseModelObject> updateTimeComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- Date val1 = (o1 != null) ? o1.getUpdateTime() : null;
- Date val2 = (o2 != null) ? o2.getUpdateTime() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private final static Comparator<RangerBaseModelObject> serviceDefNameComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- String val1 = null;
- String val2 = null;
-
- if(o1 != null) {
- if(o1 instanceof RangerServiceDef) {
- val1 = ((RangerServiceDef)o1).getName();
- } else if(o1 instanceof RangerService) {
- val1 = ((RangerService)o1).getType();
- }
- }
-
- if(o2 != null) {
- if(o2 instanceof RangerServiceDef) {
- val2 = ((RangerServiceDef)o2).getName();
- } else if(o2 instanceof RangerService) {
- val2 = ((RangerService)o2).getType();
- }
- }
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private final static Comparator<RangerBaseModelObject> serviceNameComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- String val1 = null;
- String val2 = null;
-
- if(o1 != null) {
- if(o1 instanceof RangerPolicy) {
- val1 = ((RangerPolicy)o1).getService();
- } else if(o1 instanceof RangerService) {
- val1 = ((RangerService)o1).getType();
- }
- }
-
- if(o2 != null) {
- if(o2 instanceof RangerPolicy) {
- val2 = ((RangerPolicy)o2).getService();
- } else if(o2 instanceof RangerService) {
- val2 = ((RangerService)o2).getType();
- }
- }
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private final static Comparator<RangerBaseModelObject> policyNameComparator = new Comparator<RangerBaseModelObject>() {
- @Override
- public int compare(RangerBaseModelObject o1, RangerBaseModelObject o2) {
- String val1 = (o1 != null && o1 instanceof RangerPolicy) ? ((RangerPolicy)o1).getName() : null;
- String val2 = (o2 != null && o2 instanceof RangerPolicy) ? ((RangerPolicy)o2).getName() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private final static Comparator<RangerResourceDef> resourceLevelComparator = new Comparator<RangerResourceDef>() {
- @Override
- public int compare(RangerResourceDef o1, RangerResourceDef o2) {
- Integer val1 = (o1 != null) ? o1.getLevel() : null;
- Integer val2 = (o2 != null) ? o2.getLevel() : null;
-
- return ObjectUtils.compare(val1, val2);
- }
- };
-
- private Predicate getPredicate(SearchFilter filter) {
- if(filter == null || filter.isEmpty()) {
- return null;
- }
-
- List<Predicate> predicates = new ArrayList<Predicate>();
-
- addPredicateForLoginUser(filter.getParam(SearchFilter.LOGIN_USER), predicates);
- addPredicateForServiceType(filter.getParam(SearchFilter.SERVICE_TYPE), predicates);
- addPredicateForServiceTypeId(filter.getParam(SearchFilter.SERVICE_TYPE_ID), predicates);
- addPredicateForServiceName(filter.getParam(SearchFilter.SERVICE_NAME), predicates);
- addPredicateForServiceId(filter.getParam(SearchFilter.SERVICE_ID), predicates);
- addPredicateForPolicyName(filter.getParam(SearchFilter.POLICY_NAME), predicates);
- addPredicateForPolicyId(filter.getParam(SearchFilter.POLICY_ID), predicates);
- addPredicateForStatus(filter.getParam(SearchFilter.STATUS), predicates);
- addPredicateForUserName(filter.getParam(SearchFilter.USER), predicates);
- addPredicateForGroupName(filter.getParam(SearchFilter.GROUP), predicates);
- addPredicateForResources(filter.getParamsWithPrefix(SearchFilter.RESOURCE_PREFIX, true), predicates);
-
- Predicate ret = CollectionUtils.isEmpty(predicates) ? null : PredicateUtils.allPredicate(predicates);
-
- return ret;
- }
-
- private static Map<String, Comparator<RangerBaseModelObject>> sorterMap = new HashMap<String, Comparator<RangerBaseModelObject>>();
-
- static {
- sorterMap.put(SearchFilter.SERVICE_TYPE, serviceDefNameComparator);
- sorterMap.put(SearchFilter.SERVICE_TYPE_ID, idComparator);
- sorterMap.put(SearchFilter.SERVICE_NAME, serviceNameComparator);
- sorterMap.put(SearchFilter.SERVICE_TYPE_ID, idComparator);
- sorterMap.put(SearchFilter.POLICY_NAME, policyNameComparator);
- sorterMap.put(SearchFilter.POLICY_ID, idComparator);
- sorterMap.put(SearchFilter.CREATE_TIME, createTimeComparator);
- sorterMap.put(SearchFilter.UPDATE_TIME, updateTimeComparator);
- }
-
- private Comparator<RangerBaseModelObject> getSorter(SearchFilter filter) {
- String sortBy = filter == null ? null : filter.getParam(SearchFilter.SORT_BY);
-
- if(StringUtils.isEmpty(sortBy)) {
- return null;
- }
-
- Comparator<RangerBaseModelObject> ret = sorterMap.get(sortBy);
-
- return ret;
- }
-
- private Predicate addPredicateForLoginUser(final String loginUser, List<Predicate> predicates) {
- if(StringUtils.isEmpty(loginUser)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
- if(!policyItem.getDelegateAdmin()) {
- continue;
- }
-
- if(policyItem.getUsers().contains(loginUser)) { // TODO: group membership check
- ret = true;
-
- break;
- }
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(ret != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForServiceType(final String serviceType, List<Predicate> predicates) {
- if(StringUtils.isEmpty(serviceType)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- ret = StringUtils.equals(serviceType, getServiceType(policy.getService()));
- } else if(object instanceof RangerService) {
- RangerService service = (RangerService)object;
-
- ret = StringUtils.equals(serviceType, service.getType());
- } else if(object instanceof RangerServiceDef) {
- RangerServiceDef serviceDef = (RangerServiceDef)object;
-
- ret = StringUtils.equals(serviceType, serviceDef.getName());
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForServiceTypeId(final String serviceTypeId, List<Predicate> predicates) {
- if(StringUtils.isEmpty(serviceTypeId)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerServiceDef) {
- RangerServiceDef serviceDef = (RangerServiceDef)object;
- Long svcDefId = serviceDef.getId();
-
- if(svcDefId != null) {
- ret = StringUtils.equals(serviceTypeId, svcDefId.toString());
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForServiceName(final String serviceName, List<Predicate> predicates) {
- if(StringUtils.isEmpty(serviceName)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- ret = StringUtils.equals(serviceName, policy.getService());
- } else if(object instanceof RangerService) {
- RangerService service = (RangerService)object;
-
- ret = StringUtils.equals(serviceName, service.getName());
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(ret != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForServiceId(final String serviceId, List<Predicate> predicates) {
- if(StringUtils.isEmpty(serviceId)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
- Long svcId = getServiceId(policy.getService());
-
- if(svcId != null) {
- ret = StringUtils.equals(serviceId, svcId.toString());
- }
- } else if(object instanceof RangerService) {
- RangerService service = (RangerService)object;
-
- if(service.getId() != null) {
- ret = StringUtils.equals(serviceId, service.getId().toString());
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForPolicyName(final String policyName, List<Predicate> predicates) {
- if(StringUtils.isEmpty(policyName)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- ret = StringUtils.equals(policyName, policy.getName());
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForPolicyId(final String policyId, List<Predicate> predicates) {
- if(StringUtils.isEmpty(policyId)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- if(policy.getId() != null) {
- ret = StringUtils.equals(policyId, policy.getId().toString());
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForUserName(final String userName, List<Predicate> predicates) {
- if(StringUtils.isEmpty(userName)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
- if(policyItem.getUsers().contains(userName)) { // TODO: group membership check
- ret = true;
-
- break;
- }
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForGroupName(final String groupName, List<Predicate> predicates) {
- if(StringUtils.isEmpty(groupName)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- for(RangerPolicyItem policyItem : policy.getPolicyItems()) {
- if(policyItem.getGroups().contains(groupName)) {
- ret = true;
-
- break;
- }
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForStatus(final String status, List<Predicate> predicates) {
- if(StringUtils.isEmpty(status)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerBaseModelObject) {
- RangerBaseModelObject obj = (RangerBaseModelObject)object;
-
- if(StringUtils.equals(status, "enabled")) {
- ret = obj.getIsEnabled();
- } else if(StringUtils.equals(status, "disabled")) {
- ret = !obj.getIsEnabled();
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
-
- private Predicate addPredicateForResources(final Map<String, String> resources, List<Predicate> predicates) {
- if(MapUtils.isEmpty(resources)) {
- return null;
- }
-
- Predicate ret = new Predicate() {
- @Override
- public boolean evaluate(Object object) {
- if(object == null) {
- return false;
- }
-
- boolean ret = false;
-
- if(object instanceof RangerPolicy) {
- RangerPolicy policy = (RangerPolicy)object;
-
- if(! MapUtils.isEmpty(policy.getResources())) {
- int numFound = 0;
- for(String name : resources.keySet()) {
- boolean isMatch = false;
-
- RangerPolicyResource policyResource = policy.getResources().get(name);
-
- if(policyResource != null && !CollectionUtils.isEmpty(policyResource.getValues())) {
- String val = resources.get(name);
-
- if(policyResource.getValues().contains(val)) {
- isMatch = true;
- } else {
- for(String policyResourceValue : policyResource.getValues()) {
- if(FilenameUtils.wildcardMatch(val, policyResourceValue)) {
- isMatch = true;
- break;
- }
- }
- }
- }
-
- if(isMatch) {
- numFound++;
- } else {
- break;
- }
- }
-
- ret = numFound == resources.size();
- }
- } else {
- ret = true;
- }
-
- return ret;
- }
- };
-
- if(predicates != null) {
- predicates.add(ret);
- }
-
- return ret;
- }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/10f5fd60/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
index 6947a8e..b6acc43 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/PolicyRefresher.java
@@ -25,7 +25,6 @@ import java.io.FileWriter;
import java.io.Reader;
import java.io.Writer;
-import org.apache.commons.io.FilenameUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/10f5fd60/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
index 86e5f7d..dac8a8e 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java
@@ -28,14 +28,14 @@ import org.apache.commons.lang.StringUtils;
public class SearchFilter {
- public static final String LOGIN_USER = "loginUser"; // search
public static final String SERVICE_TYPE = "serviceType"; // search, sort
public static final String SERVICE_TYPE_ID = "serviceTypeId"; // search, sort
public static final String SERVICE_NAME = "serviceName"; // search, sort
public static final String SERVICE_ID = "serviceId"; // search, sort
public static final String POLICY_NAME = "policyName"; // search, sort
public static final String POLICY_ID = "policyId"; // search, sort
- public static final String STATUS = "status"; // search
+ public static final String IS_ENABLED = "isEnabled"; // search
+ public static final String IS_RECURSIVE = "isRecursive"; // search
public static final String USER = "user"; // search
public static final String GROUP = "group"; // search
public static final String RESOURCE_PREFIX = "resource:"; // search
@@ -47,12 +47,12 @@ public class SearchFilter {
public static final String PAGE_SIZE = "pageSize";
public static final String SORT_BY = "sortBy";
- private Map<String, String> params = null;
- int startIndex = 0;
- int maxRows = Integer.MAX_VALUE;
- boolean getCount = true;
- String sortBy = null;
- String sortType = null;
+ private Map<String, String> params = null;
+ private int startIndex = 0;
+ private int maxRows = Integer.MAX_VALUE;
+ private boolean getCount = true;
+ private String sortBy = null;
+ private String sortType = null;
public SearchFilter() {
this(null);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/10f5fd60/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 119ee64..6333b09 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -96,7 +96,7 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
-import org.apache.ranger.plugin.store.ServiceStore;
+import org.apache.ranger.plugin.store.AbstractServiceStore;
import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.service.RangerAuditFields;
import org.apache.ranger.service.RangerDataHistService;
@@ -120,7 +120,7 @@ import org.apache.ranger.plugin.util.SearchFilter;
@Component
-public class ServiceDBStore implements ServiceStore {
+public class ServiceDBStore extends AbstractServiceStore {
private static final Log LOG = LogFactory.getLog(ServiceDBStore.class);
@Autowired
@@ -391,6 +391,9 @@ public class ServiceDBStore implements ServiceStore {
}
RangerServiceDefList svcDefList = serviceDefService.searchRangerServiceDefs(filter);
+
+ applyFilter(svcDefList.getServiceDefs(), filter);
+
List<RangerServiceDef> ret = svcDefList.getServiceDefs();
if (LOG.isDebugEnabled()) {
@@ -407,6 +410,8 @@ public class ServiceDBStore implements ServiceStore {
RangerServiceDefList svcDefList = serviceDefService.searchRangerServiceDefs(filter);
+ applyFilter(svcDefList.getServiceDefs(), filter);
+
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceDBStore.getPaginatedServiceDefs(" + filter + ")");
}
@@ -654,9 +659,17 @@ public class ServiceDBStore implements ServiceStore {
if(LOG.isDebugEnabled()) {
LOG.debug("==> ServiceDBStore.getServices()");
}
+
RangerServiceList serviceList = svcService.searchRangerServices(filter);
+
+ applyFilter(serviceList.getServices(), filter);
+
List<RangerService> ret = serviceList.getServices();
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceDBStore.getServices()");
+ }
+
return ret;
}
@@ -664,11 +677,15 @@ public class ServiceDBStore implements ServiceStore {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceDBStore.getPaginatedServices()");
}
+
RangerServiceList serviceList = svcService.searchRangerServices(filter);
+ applyFilter(serviceList.getServices(), filter);
+
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceDBStore.getPaginatedServices()");
}
+
return serviceList;
}
@@ -846,6 +863,9 @@ public class ServiceDBStore implements ServiceStore {
}
RangerPolicyList policyList = policyService.searchRangerPolicies(filter);
+
+ applyFilter(policyList.getPolicies(), filter);
+
List<RangerPolicy> ret = policyList.getPolicies();
if(LOG.isDebugEnabled()) {
@@ -862,6 +882,8 @@ public class ServiceDBStore implements ServiceStore {
RangerPolicyList policyList = policyService.searchRangerPolicies(filter);
+ applyFilter(policyList.getPolicies(), filter);
+
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceDBStore.getPaginatedPolicies()");
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/10f5fd60/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
index 205f4f5..1a45d43 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
@@ -51,7 +51,6 @@ public class RangerSearchUtil extends SearchUtil {
ret.setParams(new HashMap<String, String>());
}
- ret.setParam(SearchFilter.LOGIN_USER, request.getParameter(SearchFilter.LOGIN_USER));
ret.setParam(SearchFilter.SERVICE_TYPE, request.getParameter(SearchFilter.SERVICE_TYPE));
ret.setParam(SearchFilter.SERVICE_TYPE_ID, request.getParameter(SearchFilter.SERVICE_TYPE_ID));
ret.setParam(SearchFilter.SERVICE_NAME, request.getParameter(SearchFilter.SERVICE_NAME));
@@ -59,7 +58,8 @@ public class RangerSearchUtil extends SearchUtil {
ret.setParam(SearchFilter.POLICY_NAME, request.getParameter(SearchFilter.POLICY_NAME));
ret.setParam(SearchFilter.POLICY_NAME_PARTIAL, request.getParameter(SearchFilter.POLICY_NAME_PARTIAL));
ret.setParam(SearchFilter.POLICY_ID, request.getParameter(SearchFilter.POLICY_ID));
- ret.setParam(SearchFilter.STATUS, request.getParameter(SearchFilter.STATUS));
+ ret.setParam(SearchFilter.IS_ENABLED, request.getParameter(SearchFilter.IS_ENABLED));
+ ret.setParam(SearchFilter.IS_RECURSIVE, request.getParameter(SearchFilter.IS_RECURSIVE));
ret.setParam(SearchFilter.USER, request.getParameter(SearchFilter.USER));
ret.setParam(SearchFilter.GROUP, request.getParameter(SearchFilter.GROUP));
ret.setParam(SearchFilter.POL_RESOURCE, request.getParameter(SearchFilter.POL_RESOURCE));
@@ -79,6 +79,39 @@ public class RangerSearchUtil extends SearchUtil {
return ret;
}
+ public SearchFilter getSearchFilterFromLegacyRequest(HttpServletRequest request, List<SortField> sortFields) {
+ if (request == null) {
+ return null;
+ }
+
+ SearchFilter ret = new SearchFilter();
+
+ if (MapUtils.isEmpty(request.getParameterMap())) {
+ ret.setParams(new HashMap<String, String>());
+ }
+
+ ret.setParam(SearchFilter.SERVICE_TYPE, request.getParameter("repositoryType"));
+ ret.setParam(SearchFilter.SERVICE_NAME, request.getParameter("repositoryName"));
+ ret.setParam(SearchFilter.SERVICE_ID, request.getParameter("repositoryId"));
+ ret.setParam(SearchFilter.POLICY_NAME, request.getParameter("policyName"));
+ ret.setParam(SearchFilter.USER, request.getParameter("userName"));
+ ret.setParam(SearchFilter.GROUP, request.getParameter("groupName"));
+ ret.setParam(SearchFilter.IS_ENABLED, request.getParameter("isEnabled"));
+ ret.setParam(SearchFilter.IS_RECURSIVE, request.getParameter("isRecursive"));
+ ret.setParam(SearchFilter.RESOURCE_PREFIX + "path", request.getParameter("resourceName"));
+ ret.setParam(SearchFilter.RESOURCE_PREFIX + "database", request.getParameter("databases"));
+ ret.setParam(SearchFilter.RESOURCE_PREFIX + "table", request.getParameter("tables"));
+ ret.setParam(SearchFilter.RESOURCE_PREFIX + "udf", request.getParameter("udfs"));
+ ret.setParam(SearchFilter.RESOURCE_PREFIX + "column", request.getParameter("columns"));
+ ret.setParam(SearchFilter.RESOURCE_PREFIX + "column-family", request.getParameter("columnFamilies"));
+ ret.setParam(SearchFilter.RESOURCE_PREFIX + "topology", request.getParameter("topologies"));
+ ret.setParam(SearchFilter.RESOURCE_PREFIX + "service", request.getParameter("services"));
+
+ extractCommonCriteriasForFilter(request, ret, sortFields);
+
+ return ret;
+ }
+
public SearchFilter extractCommonCriteriasForFilter(HttpServletRequest request, SearchFilter ret, List<SortField> sortFields) {
int startIndex = restErrorUtil.parseInt(request.getParameter(SearchFilter.START_INDEX), 0,
"Invalid value for parameter startIndex", MessageEnums.INVALID_INPUT_DATA, null,
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/10f5fd60/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java
index ae11a1b..ece20b1 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java
@@ -46,6 +46,8 @@ import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerService;
+import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.service.RangerPolicyService;
import org.apache.ranger.service.XAssetService;
import org.apache.ranger.service.XPolicyService;
import org.apache.ranger.service.XRepositoryService;
@@ -95,6 +97,9 @@ public class PublicAPIs {
XPolicyService xPolicyService;
@Autowired
+ RangerPolicyService policyService;
+
+ @Autowired
StringUtil stringUtil;
@Autowired
@@ -407,8 +412,10 @@ public class PublicAPIs {
if(logger.isDebugEnabled()) {
logger.debug("==> PublicAPIs.searchPolicies(): ");
}
-
- List<RangerPolicy> rangerPolicyList = serviceREST.getPolicies(request);
+
+ SearchFilter filter = searchUtil.getSearchFilterFromLegacyRequest(request, policyService.sortFields);
+
+ List<RangerPolicy> rangerPolicyList = serviceREST.getPolicies(filter);
VXPolicyList vXPolicyList = null;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/10f5fd60/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index d7182a3..c85422c 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -936,13 +936,26 @@ public class ServiceREST {
@Produces({ "application/json", "application/xml" })
public List<RangerPolicy> getPolicies(@Context HttpServletRequest request) {
if(LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceREST.getPolicies()");
+ LOG.debug("==> ServiceREST.getPolicies(request)");
}
- List<RangerPolicy> ret = null;
-
SearchFilter filter = searchUtil.getSearchFilter(request, policyService.sortFields);
-
+
+ List<RangerPolicy> ret = getPolicies(filter);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.getPolicies(request): count=" + (ret == null ? 0 : ret.size()));
+ }
+
+ return ret;
+ }
+
+ public List<RangerPolicy> getPolicies(SearchFilter filter) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.getPolicies(filter)");
+ }
+
+ List<RangerPolicy> ret = null;
try {
ret = svcStore.getPolicies(filter);
@@ -953,7 +966,7 @@ public class ServiceREST {
}
if(LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceREST.getPolicies(): count=" + (ret == null ? 0 : ret.size()));
+ LOG.debug("<== ServiceREST.getPolicies(filter): count=" + (ret == null ? 0 : ret.size()));
}
return ret;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/10f5fd60/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
index f49da1b..3193407 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
@@ -79,7 +79,7 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
"XXService xSvc", "xSvc.id = obj.service"));
searchFields.add(new SearchField(SearchFilter.SERVICE_ID, "xSvc.id", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL,
"XXService xSvc", "xSvc.id = obj.service"));
- searchFields.add(new SearchField(SearchFilter.STATUS, "obj.isEnabled", DATA_TYPE.BOOLEAN, SEARCH_TYPE.FULL));
+ searchFields.add(new SearchField(SearchFilter.IS_ENABLED, "obj.isEnabled", DATA_TYPE.BOOLEAN, SEARCH_TYPE.FULL));
searchFields.add(new SearchField(SearchFilter.POLICY_ID, "obj.id", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL));
searchFields.add(new SearchField(SearchFilter.POLICY_NAME, "obj.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL));
searchFields.add(new SearchField(SearchFilter.USER, "xUser.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL,
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/10f5fd60/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
index acf0bf1..a6a0cbb 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceDefService.java
@@ -34,7 +34,7 @@ public class RangerServiceDefService extends RangerServiceDefServiceBase<XXServi
searchFields.add(new SearchField(SearchFilter.SERVICE_TYPE, "obj.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL));
searchFields.add(new SearchField(SearchFilter.SERVICE_TYPE_ID, "obj.id", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL));
- searchFields.add(new SearchField(SearchFilter.STATUS, "obj.isEnabled", DATA_TYPE.BOOLEAN, SEARCH_TYPE.FULL));
+ searchFields.add(new SearchField(SearchFilter.IS_ENABLED, "obj.isEnabled", DATA_TYPE.BOOLEAN, SEARCH_TYPE.FULL));
sortFields.add(new SortField(SearchFilter.CREATE_TIME, "obj.createTime"));
sortFields.add(new SortField(SearchFilter.UPDATE_TIME, "obj.updateTime"));
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/10f5fd60/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
index 171b89b..9d1ebd6 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
@@ -58,7 +58,7 @@ public class RangerServiceService extends RangerServiceServiceBase<XXService, Ra
searchFields.add(new SearchField(SearchFilter.SERVICE_TYPE_ID, "obj.type", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL));
searchFields.add(new SearchField(SearchFilter.SERVICE_NAME, "obj.name", DATA_TYPE.STRING, SEARCH_TYPE.FULL));
searchFields.add(new SearchField(SearchFilter.SERVICE_ID, "obj.id", DATA_TYPE.INTEGER, SEARCH_TYPE.FULL));
- searchFields.add(new SearchField(SearchFilter.STATUS, "obj.isEnabled", DATA_TYPE.BOOLEAN, SEARCH_TYPE.FULL));
+ searchFields.add(new SearchField(SearchFilter.IS_ENABLED, "obj.isEnabled", DATA_TYPE.BOOLEAN, SEARCH_TYPE.FULL));
sortFields.add(new SortField(SearchFilter.CREATE_TIME, "obj.createTime"));
sortFields.add(new SortField(SearchFilter.UPDATE_TIME, "obj.updateTime"));