Posted to commits@ranger.apache.org by sp...@apache.org on 2020/09/08 22:32:17 UTC

[ranger] branch ranger-2.2 updated: RANGER-2985, RANGER-2845, and RAGNER-2848: ranger-2.2 branch

This is an automated email from the ASF dual-hosted git repository.

spolavarapu pushed a commit to branch ranger-2.2
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.2 by this push:
     new 53938ba  RANGER-2985, RANGER-2845, and RAGNER-2848: ranger-2.2 branch
53938ba is described below

commit 53938ba0da2c4028cef9b3202c883d377f9ced6f
Author: Sailaja Polavarapu <sp...@cloudera.com>
AuthorDate: Tue Sep 8 15:22:23 2020 -0700

    RANGER-2985, RANGER-2845, and RAGNER-2848: ranger-2.2 branch
---
 .../service-defs/ranger-servicedef-ozone.json      |  65 +---
 distro/src/main/assembly/plugin-ozone.xml          |   4 +-
 plugin-ozone/pom.xml                               |   6 +-
 .../ozone/authorizer/RangerOzoneAuthorizer.java    |   8 +
 .../ranger/services/ozone/RangerServiceOzone.java  |   4 +
 ranger-ozone-plugin-shim/pom.xml                   |  16 +-
 .../optimized/current/ranger_core_db_mysql.sql     |   1 +
 .../optimized/current/ranger_core_db_oracle.sql    |   1 +
 .../optimized/current/ranger_core_db_postgres.sql  |   1 +
 .../current/ranger_core_db_sqlanywhere.sql         |   2 +
 .../optimized/current/ranger_core_db_sqlserver.sql |   1 +
 .../PatchForOzoneServiceDefUpdate_J10041.java      | 331 +++++++++++++++++++++
 12 files changed, 372 insertions(+), 68 deletions(-)

diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json
index 4f2a432..b9a0275 100755
--- a/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json
+++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-ozone.json
@@ -16,8 +16,8 @@
 			"parent": "",
 			"mandatory": true,
 			"lookupSupported": true,
-			"recursiveSupported": true,
-			"excludesSupported": false,
+			"recursiveSupported": false,
+			"excludesSupported": true,
 			"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
 			"matcherOptions": { "wildCard":true, "ignoreCase":false },
 			"validationRegEx":"",
@@ -55,7 +55,7 @@
 			"parent": "bucket",
 			"mandatory": true,
 			"lookupSupported": true,
-			"recursiveSupported": false,
+			"recursiveSupported": true,
 			"excludesSupported": true,
 			"matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher",
 			"matcherOptions": { "wildCard":true, "ignoreCase":true },
@@ -80,7 +80,9 @@
                                 "write",
                                 "create",
                                 "list",
-                                "delete"
+                                "delete",
+				"read_acl",
+				"write_acl"
                         ]
                 },
 		{
@@ -111,6 +113,16 @@
 			"itemId": 5,
 			"name": "delete",
 			"label": "Delete"
+		},
+		{
+			"itemId": 6,
+			"name": "read_acl",
+			"label": "Read_ACL"
+		},
+		{
+			"itemId": 7,
+			"name": "write_acl",
+			"label": "Write_ACL"
 		}
 	],
 
@@ -187,51 +199,6 @@
 			"validationRegEx":"",
 			"validationMessage": "",
 			"uiHint":""
-		},
-
-		{
-			"itemId": 7,
-			"name": "dfs.datanode.kerberos.principal",
-			"type": "string",
-			"subType": "",
-			"mandatory": false,
-			"validationRegEx":"",
-			"validationMessage": "",
-			"uiHint":""
-		},
-
-		{
-			"itemId": 8,
-			"name": "dfs.namenode.kerberos.principal",
-			"type": "string",
-			"subType": "",
-			"mandatory": false,
-			"validationRegEx":"",
-			"validationMessage": "",
-			"uiHint":""
-		},
-
-		{
-			"itemId": 9,
-			"name": "dfs.secondary.namenode.kerberos.principal",
-			"type": "string",
-			"subType": "",
-			"mandatory": false,
-			"validationRegEx":"",
-			"validationMessage": "",
-			"uiHint":""
-		},
-
-		{
-			"itemId": 10,
-			"name": "commonNameForCertificate",
-			"type": "string",
-			"subType": "",
-			"mandatory": false,
-			"validationRegEx":"",
-			"validationMessage": "",
-			"uiHint":"",
-			"label": "Common Name for Certificate"
 		}
 	],
 
diff --git a/distro/src/main/assembly/plugin-ozone.xml b/distro/src/main/assembly/plugin-ozone.xml
index fb4cdd1..d673490 100644
--- a/distro/src/main/assembly/plugin-ozone.xml
+++ b/distro/src/main/assembly/plugin-ozone.xml
@@ -61,8 +61,8 @@
                     <include>org.slf4j:slf4j-api:jar:${slf4j-api.version}</include>
                     <include>org.apache.hadoop:hadoop-common:jar:${hadoop.version}</include>
                     <include>org.apache.hadoop:hadoop-auth:jar:${hadoop.version}</include>
-                    <include>org.apache.hadoop:hadoop-ozone:jar:0.4.0.3.0.100.0-SNAPSHOT</include>
-                    <include>org.apache.hadoop:hadoop-hdds:jar:0.4.0.3.0.100.0-SNAPSHOT</include>
+                    <include>org.apache.hadoop:hadoop-ozone:jar:${ozone.version}</include>
+                    <include>org.apache.hadoop:hadoop-hdds:jar:${ozone.version}</include>
                     <include>com.fasterxml.woodstox:woodstox-core:jar:${fasterxml.woodstox.version}</include>
                     <include>org.codehaus.woodstox:stax2-api:jar:${codehaus.woodstox.stax2api.version}</include>
                     <include>com.sun.jersey:jersey-core</include>
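Review bot: `${ozone.version}` is not defined in any file this commit touches (the root pom is absent from the diffstat), so the two rewritten `<include>` lines depend on a property that must already exist on the ranger-2.2 branch. If it does not resolve, these patterns would presumably match nothing and the Ozone jars could be left out of the plugin assembly without an obvious build failure. It is worth confirming that the property is declared in the parent pom and pinned to a released version rather than a SNAPSHOT. The same property is introduced in plugin-ozone/pom.xml and ranger-ozone-plugin-shim/pom.xml.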
diff --git a/plugin-ozone/pom.xml b/plugin-ozone/pom.xml
index dd57209..e359b41 100644
--- a/plugin-ozone/pom.xml
+++ b/plugin-ozone/pom.xml
@@ -68,17 +68,17 @@ limitations under the License.
         <dependency>
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-ozone-common</artifactId>
-	        <version>0.4.0-alpha</version>
+	        <version>${ozone.version}</version>
         </dependency>
         <dependency>
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-hdds-common</artifactId>
-	        <version>0.4.0-alpha</version>
+	        <version>${ozone.version}</version>
         </dependency>
         <dependency>
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-ozone-client</artifactId>
-	        <version>0.4.0-alpha</version>
+	        <version>${ozone.version}</version>
         </dependency>
 	<dependency>
             <groupId>org.codehaus.jackson</groupId>
diff --git a/plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java b/plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java
index 46b9932..5246af1 100644
--- a/plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java
+++ b/plugin-ozone/src/main/java/org/apache/ranger/authorization/ozone/authorizer/RangerOzoneAuthorizer.java
@@ -44,6 +44,8 @@ public class RangerOzoneAuthorizer implements IAccessAuthorizer {
 	public static final String ACCESS_TYPE_CREATE = "create";
 	public static final String ACCESS_TYPE_LIST = "list";
 	public static final String ACCESS_TYPE_DELETE = "delete";
+	public static final String ACCESS_TYPE_READ_ACL = "read_acl";
+	public static final String ACCESS_TYPE_WRITE_ACL = "write_acl";
 
 
     public static final String KEY_RESOURCE_VOLUME = "volume";
@@ -187,6 +189,12 @@ public class RangerOzoneAuthorizer implements IAccessAuthorizer {
 			case LIST:
 				rangerAccessType = ACCESS_TYPE_LIST;
 				break;
+			case READ_ACL:
+				rangerAccessType = ACCESS_TYPE_READ_ACL;
+				break;
+			case WRITE_ACL:
+				rangerAccessType = ACCESS_TYPE_WRITE_ACL;
+				break;
 		}
 		return rangerAccessType;
 	}
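Review bot: The switch has no `default` branch in the visible lines, so an ACL type without a case leaves `rangerAccessType` at whatever it was initialised to, and that declaration is outside this hunk. Because the returned string feeds an authorization check, the fallback should be stated rather than implied. I would add a comment above the switch such as `// Unmapped ACL types keep the initial value; the caller must treat that as "deny"`, and confirm the caller really does fail closed on it. The method starts before the hunk, so the initial value and the caller could not be checked here.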
diff --git a/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/RangerServiceOzone.java b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/RangerServiceOzone.java
index e16b5db..d8fb317 100644
--- a/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/RangerServiceOzone.java
+++ b/plugin-ozone/src/main/java/org/apache/ranger/services/ozone/RangerServiceOzone.java
@@ -46,6 +46,8 @@ public class RangerServiceOzone extends RangerBaseService {
     public static final String ACCESS_TYPE_CREATE  = "create";
     public static final String ACCESS_TYPE_LIST  = "list";
     public static final String ACCESS_TYPE_DELETE  = "delete";
+    public static final String ACCESS_TYPE_READ_ACL = "read_acl";
+    public static final String ACCESS_TYPE_WRITE_ACL = "write_acl";
     public static final String ACCESS_TYPE_ALL  = "all";
 
 
@@ -122,6 +124,8 @@ public class RangerServiceOzone extends RangerBaseService {
 					accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_CREATE));
 					accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_LIST));
 					accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_DELETE));
+                    			accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_READ_ACL));
+                    			accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_WRITE_ACL));
 					accessListForLookupUser.add(new RangerPolicyItemAccess(ACCESS_TYPE_ALL));
 					policyItemForLookupUser.setUsers(Collections.singletonList(lookUpUser));
 					policyItemForLookupUser.setAccesses(accessListForLookupUser);
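Review bot: The two added lines give the lookup user `write_acl` in the default policy, which is more than a lookup-only account would appear to need. The list already contains `ACCESS_TYPE_ALL`, so this may be deliberate, but a comment saying why the lookup user needs ACL-write access would help anyone auditing the default policy later. The added lines are also indented with spaces followed by tabs, unlike the tab-indented lines around them. The enclosing method starts and ends outside the hunk.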
diff --git a/ranger-ozone-plugin-shim/pom.xml b/ranger-ozone-plugin-shim/pom.xml
index cf9aacc..8c8c275 100644
--- a/ranger-ozone-plugin-shim/pom.xml
+++ b/ranger-ozone-plugin-shim/pom.xml
@@ -62,24 +62,12 @@
         <dependency>
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-ozone-common</artifactId>
-	<!--
-	    <version>0.4.0.3.0.100.0-SNAPSHOT</version>
-	    <version>0.4.0-alpha</version>
-            <scope>system</scope>
-            <systemPath>${project.basedir}/src/main/resources/hadoop-ozone-common-0.4.0-alpha.jar</systemPath>
-	-->
-	    <version>0.4.0-alpha</version>
+	    <version>${ozone.version}</version>
         </dependency>
         <dependency>
             <groupId>org.apache.hadoop</groupId>
             <artifactId>hadoop-hdds-common</artifactId>
-	<!--
-	    <version>0.4.0.3.0.100.0-SNAPSHOT</version>
-	    <version>0.4.0-alpha</version>
-            <scope>system</scope>
-            <systemPath>${project.basedir}/src/main/resources/hadoop-hdds-common-0.4.0-alpha.jar</systemPath> 
-	-->
-	    <version>0.4.0-alpha</version>
+	    <version>${ozone.version}</version>
         </dependency>
         <dependency>
             <groupId>org.apache.ranger</groupId>
diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
index 3320fc2..e9f41ea 100644
--- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
+++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql
@@ -1759,4 +1759,5 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10037',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10038',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10040',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10041',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 698a687..9d7556c 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -1934,5 +1934,6 @@ INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,act
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10037',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10038',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10040',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10041',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 commit;
diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index edccc0a..8b4a713 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -1882,6 +1882,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10037',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10038',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10040',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10041',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y');
 
 DROP VIEW IF EXISTS vx_trx_log;
diff --git a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
index 1ffbc6c..d46e57a 100644
--- a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
+++ b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql
@@ -2281,6 +2281,8 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 GO
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10040',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10041',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+GO
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
 exit
diff --git a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
index 957f924..d4476a3 100644
--- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql
@@ -3965,6 +3965,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10037',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10038',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10040',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10041',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
 CREATE VIEW [dbo].[vx_trx_log] AS
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForOzoneServiceDefUpdate_J10041.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForOzoneServiceDefUpdate_J10041.java
new file mode 100644
index 0000000..28d0eb6
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForOzoneServiceDefUpdate_J10041.java
@@ -0,0 +1,331 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.patch;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.RangerBizUtil;
+import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.common.JSONUtil;
+import org.apache.ranger.common.RangerValidatorFactory;
+import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXService;
+import org.apache.ranger.entity.XXServiceDef;
+import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator;
+import org.apache.ranger.plugin.model.validation.RangerValidator;
+import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
+import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.service.RangerPolicyService;
+import org.apache.ranger.service.XPermMapService;
+import org.apache.ranger.service.XPolicyService;
+import org.apache.ranger.util.CLIUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Map;
+import java.util.Arrays;
+import java.util.HashMap;
+
+@Component
+public class PatchForOzoneServiceDefUpdate_J10041 extends BaseLoader {
+	private static final Logger logger = Logger.getLogger(PatchForOzoneServiceDefUpdate_J10041.class);
+	private static final List<String> OZONE_CONFIGS = new ArrayList<>(
+			Arrays.asList("dfs.datanode.kerberos.principal", "dfs.namenode.kerberos.principal", "dfs.secondary.namenode.kerberos.principal", "commonNameForCertificate"));
+	private static final String OZONE_RESOURCE_VOLUME = "volume";
+	private static final String OZONE_RESOURCE_KEY = "key";
+	private static final String ACCESS_TYPE_READ_ACL = "read_acl";
+	private static final String ACCESS_TYPE_WRITE_ACL = "write_acl";
+
+	@Autowired
+	RangerDaoManager daoMgr;
+
+	@Autowired
+	ServiceDBStore svcDBStore;
+
+	@Autowired
+	JSONUtil jsonUtil;
+
+	@Autowired
+	RangerPolicyService policyService;
+
+	@Autowired
+	StringUtil stringUtil;
+
+	@Autowired
+	XPolicyService xPolService;
+
+	@Autowired
+	XPermMapService xPermMapService;
+
+	@Autowired
+	RangerBizUtil bizUtil;
+
+	@Autowired
+	RangerValidatorFactory validatorFactory;
+
+	public static void main(String[] args) {
+		logger.info("main()");
+		try {
+			PatchForOzoneServiceDefUpdate_J10041 loader = (PatchForOzoneServiceDefUpdate_J10041) CLIUtil.getBean(PatchForOzoneServiceDefUpdate_J10041.class);
+			loader.init();
+			while (loader.isMoreToProcess()) {
+				loader.load();
+			}
+			logger.info("Load complete. Exiting.");
+			System.exit(0);
+		} catch (Exception e) {
+			logger.error("Error loading", e);
+			System.exit(1);
+		}
+	}
+
+	@Override
+	public void printStats() {
+		logger.info("PatchForOzoneServiceDefUpdate data ");
+	}
+
+	@Override
+	public void execLoad() {
+		logger.info("==> PatchForOzoneServiceDefUpdate.execLoad()");
+		try {
+			if (!updateOzoneServiceDef()) {
+				logger.error("Failed to apply the patch.");
+				System.exit(1);
+			}
+		} catch (Exception e) {
+			logger.error("Error while updateOzoneServiceDef()data.", e);
+			System.exit(1);
+		}
+		logger.info("<== PatchForOzoneServiceDefUpdate.execLoad()");
+	}
+
+	@Override
+	public void init() throws Exception {
+		// Do Nothing
+	}
+
+	private boolean updateOzoneServiceDef() throws Exception {
+		RangerServiceDef ret;
+		RangerServiceDef embeddedOzoneServiceDef;
+		RangerServiceDef dbOzoneServiceDef;
+		List<RangerServiceDef.RangerServiceConfigDef>   embeddedOzoneConfigDefs;
+		List<RangerServiceDef.RangerResourceDef>   embeddedOzoneResourceDefs;
+		List<RangerServiceDef.RangerAccessTypeDef> embeddedOzoneAccessTypes;
+		XXServiceDef xXServiceDefObj;
+
+		embeddedOzoneServiceDef = EmbeddedServiceDefsUtil.instance().getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_OZONE_NAME);
+
+		if (embeddedOzoneServiceDef != null) {
+			xXServiceDefObj = daoMgr.getXXServiceDef().findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_OZONE_NAME);
+			Map<String, String> serviceDefOptionsPreUpdate;
+			String jsonPreUpdate;
+
+			if (xXServiceDefObj != null) {
+				jsonPreUpdate = xXServiceDefObj.getDefOptions();
+				serviceDefOptionsPreUpdate = jsonStringToMap(jsonPreUpdate);
+			} else {
+				logger.error("Ozone service-definition does not exist in the Ranger DAO.");
+				return false;
+			}
+			dbOzoneServiceDef = svcDBStore.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_OZONE_NAME);
+
+			if (dbOzoneServiceDef != null) {
+				// Remove old Ozone configs
+				embeddedOzoneConfigDefs = embeddedOzoneServiceDef.getConfigs();
+				if (checkNotConfigPresent(embeddedOzoneConfigDefs)) {
+					dbOzoneServiceDef.setConfigs(embeddedOzoneConfigDefs);
+				}
+
+				// Update volume resource with recursive flag false and key resource with recursive flag true
+				embeddedOzoneResourceDefs = embeddedOzoneServiceDef.getResources();
+				if (checkVolKeyResUpdate(embeddedOzoneResourceDefs)) {
+					dbOzoneServiceDef.setResources(embeddedOzoneResourceDefs);
+				}
+
+				// Add new access types
+				embeddedOzoneAccessTypes = embeddedOzoneServiceDef.getAccessTypes();
+
+				if (embeddedOzoneAccessTypes != null) {
+					if (checkAccessTypesPresent(embeddedOzoneAccessTypes)) {
+						if (!embeddedOzoneAccessTypes.toString().equalsIgnoreCase(dbOzoneServiceDef.getAccessTypes().toString())) {
+							dbOzoneServiceDef.setAccessTypes(embeddedOzoneAccessTypes);
+						}
+					}
+				}
+			} else {
+				logger.error("Ozone service-definition does not exist in the db store.");
+				return false;
+			}
+			RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcDBStore);
+			validator.validate(dbOzoneServiceDef, RangerValidator.Action.UPDATE);
+
+			ret = svcDBStore.updateServiceDef(dbOzoneServiceDef);
+			if (ret == null) {
+				throw new RuntimeException("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_OZONE_NAME + " service-def");
+			}
+			xXServiceDefObj = daoMgr.getXXServiceDef().findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_OZONE_NAME);
+			if (xXServiceDefObj != null) {
+				String jsonStrPostUpdate = xXServiceDefObj.getDefOptions();
+				Map<String, String> serviceDefOptionsPostUpdate = jsonStringToMap(jsonStrPostUpdate);
+				if (serviceDefOptionsPostUpdate != null && serviceDefOptionsPostUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
+					if (serviceDefOptionsPreUpdate == null || !serviceDefOptionsPreUpdate.containsKey(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES)) {
+						String preUpdateValue = serviceDefOptionsPreUpdate == null ? null : serviceDefOptionsPreUpdate.get(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
+						if (preUpdateValue == null) {
+							serviceDefOptionsPostUpdate.remove(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES);
+						} else {
+							serviceDefOptionsPostUpdate.put(RangerServiceDef.OPTION_ENABLE_DENY_AND_EXCEPTIONS_IN_POLICIES, preUpdateValue);
+						}
+						xXServiceDefObj.setDefOptions(mapToJsonString(serviceDefOptionsPostUpdate));
+						daoMgr.getXXServiceDef().update(xXServiceDefObj);
+					}
+				}
+			} else {
+				logger.error("Ozone service-definition does not exist in the Ranger DAO.");
+				return false;
+			}
+			List<XXService> dbServices = daoMgr.getXXService().findByServiceDefId(embeddedOzoneServiceDef.getId());
+			if (CollectionUtils.isNotEmpty(dbServices)) {
+				for(XXService dbService : dbServices) {
+					SearchFilter filter = new SearchFilter();
+					filter.setParam(SearchFilter.SERVICE_NAME, dbService.getName());
+					updateExisitngOzonePolicies(svcDBStore.getServicePolicies(dbService.getId(), filter));
+				}
+			}
+		} else {
+			logger.error("The embedded Ozone service-definition does not exist.");
+			return false;
+		}
+		return true;
+	}
+
+	private boolean checkNotConfigPresent(List<RangerServiceDef.RangerServiceConfigDef> configDefs) {
+		boolean ret = false;
+		List<String> configNames = new ArrayList<>();
+		for (RangerServiceDef.RangerServiceConfigDef configDef : configDefs) {
+			configNames.add(configDef.getName());
+		}
+		for (String delConfig : OZONE_CONFIGS) {
+			if (!configNames.contains(delConfig)) {
+				ret = true;
+				break;
+			}
+		}
+		return ret;
+	}
+
+	private boolean checkVolKeyResUpdate(List<RangerServiceDef.RangerResourceDef> embeddedOzoneResDefs) {
+		boolean ret = false;
+		for (RangerServiceDef.RangerResourceDef resDef : embeddedOzoneResDefs) {
+			if ((resDef.getName().equals(OZONE_RESOURCE_VOLUME) && (!resDef.getRecursiveSupported()  || resDef.getExcludesSupported())) ||
+					(resDef.getName().equals(OZONE_RESOURCE_KEY) && resDef.getRecursiveSupported())) {
+				ret = true;
+				break;
+			}
+		}
+		return ret;
+	}
+
+	private boolean checkAccessTypesPresent(List<RangerServiceDef.RangerAccessTypeDef> embeddedOzoneAccessTypes) {
+		boolean ret = false;
+		for (RangerServiceDef.RangerAccessTypeDef accessDef : embeddedOzoneAccessTypes) {
+			if (ACCESS_TYPE_READ_ACL.equals(accessDef.getName()) || ACCESS_TYPE_WRITE_ACL.equals(accessDef.getName())) {
+				ret = true;
+				break;
+			}
+		}
+		return ret;
+	}
+
+	private void updateExisitngOzonePolicies(List<RangerPolicy> policies) throws Exception{
+		if (CollectionUtils.isNotEmpty(policies)) {
+			for (RangerPolicy policy : policies) {
+				List<RangerPolicy.RangerPolicyItem> policyItems = policy.getPolicyItems();
+				if (CollectionUtils.isNotEmpty(policyItems)) {
+					for (RangerPolicy.RangerPolicyItem policyItem : policyItems) {
+						List<RangerPolicy.RangerPolicyItemAccess> policyItemAccesses = policyItem.getAccesses();
+						// Add new access types
+						policyItemAccesses.add(new RangerPolicy.RangerPolicyItemAccess("read_acl"));
+						policyItemAccesses.add(new RangerPolicy.RangerPolicyItemAccess("write_acl"));
+						policyItem.setAccesses(policyItemAccesses);
+					}
+				}
+				Map<String, RangerPolicy.RangerPolicyResource> policyResources = policy.getResources();
+				if (MapUtils.isNotEmpty(policyResources)) {
+					if (policyResources.containsKey(OZONE_RESOURCE_VOLUME)) {
+						// Set recursive flag as false for volume resource
+						policyResources.get(OZONE_RESOURCE_VOLUME).setIsRecursive(false);
+						// Set exclude support flag as true for volume resource
+						policyResources.get(OZONE_RESOURCE_VOLUME).setIsExcludes(true);
+					}
+					if (policyResources.containsKey(OZONE_RESOURCE_KEY)) {
+						// Set is recursive flag as true for volume resource
+						policyResources.get(OZONE_RESOURCE_KEY).setIsRecursive(true);
+					}
+				}
+				svcDBStore.updatePolicy(policy);
+			}
+		}
+	}
+
+
+	private String mapToJsonString(Map<String, String> map) {
+		String ret = null;
+		if (map != null) {
+			try {
+				ret = jsonUtil.readMapToString(map);
+			} catch (Exception ex) {
+				logger.warn("mapToJsonString() failed to convert map: " + map, ex);
+			}
+		}
+		return ret;
+	}
+
+	protected Map<String, String> jsonStringToMap(String jsonStr) {
+		Map<String, String> ret = null;
+		if (!StringUtils.isEmpty(jsonStr)) {
+			try {
+				ret = jsonUtil.jsonToMap(jsonStr);
+			} catch (Exception ex) {
+				// fallback to earlier format: "name1=value1;name2=value2"
+				for (String optionString : jsonStr.split(";")) {
+					if (StringUtils.isEmpty(optionString)) {
+						continue;
+					}
+					String[] nvArr = optionString.split("=");
+					String name = (nvArr != null && nvArr.length > 0) ? nvArr[0].trim() : null;
+					String value = (nvArr != null && nvArr.length > 1) ? nvArr[1].trim() : null;
+					if (StringUtils.isEmpty(name)) {
+						continue;
+					}
+					if (ret == null) {
+						ret = new HashMap<String, String>();
+					}
+					ret.put(name, value);
+				}
+			}
+		}
+		return ret;
+	}
+}
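Review bot: In `updateExisitngOzonePolicies`, `policyResources.get(OZONE_RESOURCE_VOLUME).setIsExcludes(true)` flips the exclude flag on each stored policy rather than the `excludesSupported` capability on the resource definition. If `isExcludes` has its usual Ranger meaning, every existing volume policy would, after the upgrade, apply to all volumes except the ones it names. The same loop appends `read_acl` and `write_acl` to every allow item unconditionally, so principals that held only `read` gain ACL-write rights, and a second run adds duplicate entries; deny items and exceptions are not updated. I would drop the `setIsExcludes` call, add each new access type only when it is absent, and use the `ACCESS_TYPE_*` constants instead of the string literals, as sketched below. Please also confirm that granting `write_acl` to all existing grantees is intended rather than leaving it to administrators.

```java
					for (RangerPolicy.RangerPolicyItem policyItem : policyItems) {
						List<RangerPolicy.RangerPolicyItemAccess> policyItemAccesses = policyItem.getAccesses();
						// Add each new access type at most once, so a second run leaves the policy unchanged
						for (String newType : Arrays.asList(ACCESS_TYPE_READ_ACL, ACCESS_TYPE_WRITE_ACL)) {
							boolean present = false;
							for (RangerPolicy.RangerPolicyItemAccess access : policyItemAccesses) {
								if (newType.equals(access.getType())) {
									present = true;
									break;
								}
							}
							if (!present) {
								policyItemAccesses.add(new RangerPolicy.RangerPolicyItemAccess(newType));
							}
						}
						policyItem.setAccesses(policyItemAccesses);
					}
				// … unchanged: policyResources lookup and MapUtils.isNotEmpty guard …
					if (policyResources.containsKey(OZONE_RESOURCE_VOLUME)) {
						// volume is no longer recursive; isExcludes stays as the policy author set it
						policyResources.get(OZONE_RESOURCE_VOLUME).setIsRecursive(false);
					}
				// … unchanged: key resource handling and svcDBStore.updatePolicy(policy) …
```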