Posted to commits@ranger.apache.org by pr...@apache.org on 2021/10/14 04:08:28 UTC
[ranger] 01/02: RANGER-3439: REST api to get or delete ranger
policy based on guid and service name
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit db9f9a488e99092b9c0dba125dcb5e5efa2ad9a6
Author: pradeep <pr...@apache.org>
AuthorDate: Wed Sep 22 16:17:52 2021 +0530
RANGER-3439: REST api to get or delete ranger policy based on guid and service name
---
.../java/org/apache/ranger/biz/ServiceDBStore.java | 11 ++++
.../java/org/apache/ranger/db/XXPolicyDao.java | 12 ++++
.../java/org/apache/ranger/rest/PublicAPIsv2.java | 14 +++++
.../java/org/apache/ranger/rest/ServiceREST.java | 64 ++++++++++++++++++++++
.../main/resources/META-INF/jpa_named_queries.xml | 4 ++
5 files changed, 105 insertions(+)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 3cd289c..f13cef7 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -2298,6 +2298,17 @@ public class ServiceDBStore extends AbstractServiceStore {
return policyService.read(id);
}
+ public RangerPolicy getPolicy(String guid, String serviceName) throws Exception {
+ RangerPolicy ret = null;
+ if (StringUtils.isNotBlank(guid) && StringUtils.isNotBlank(serviceName)) {
+ XXPolicy xPolicy = daoMgr.getXXPolicy().findByPolicyGUIDAndServiceName(guid, serviceName);
+ if (xPolicy != null) {
+ ret = policyService.getPopulatedViewObject(xPolicy);
+ }
+ }
+ return ret;
+ }
+
@Override
public List<RangerPolicy> getPolicies(SearchFilter filter) throws Exception {
if(LOG.isDebugEnabled()) {
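Review bot: The new `getPolicy(String guid, String serviceName)` has no Javadoc, and two parts of its contract are not visible from the signature. It returns null both when either argument is blank and when no row matches, and it performs no access check of its own, so every caller has to authorize the returned policy before using it (in this commit ServiceREST does that with `ensureAdminAndAuditAccess(ret)`). I would add a Javadoc with `@return the policy, or null if either argument is blank or no policy matches` and a sentence stating that authorization is the caller's responsibility.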
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
index 8659267..41ca8b2 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
@@ -284,4 +284,16 @@ public class XXPolicyDao extends BaseDao<XXPolicy> {
}
return ret;
}
+
+ public XXPolicy findByPolicyGUIDAndServiceName(String guid, String serviceName) {
+ if (guid == null || serviceName == null) {
+ return null;
+ }
+ try {
+ XXPolicy xPol = getEntityManager().createNamedQuery("XXPolicy.findByGUIDAndServiceName", tClass).setParameter("guid", guid).setParameter("serviceName", serviceName).getSingleResult();
+ return xPol;
+ } catch (NoResultException e) {
+ return null;
+ }
+ }
}
\ No newline at end of file
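Review bot: `getSingleResult()` in findByPolicyGUIDAndServiceName is guarded only against NoResultException, so it throws NonUniqueResultException if more than one XXPolicy row can share a guid within one service. The named query added in jpa_named_queries.xml filters on guid and service name only. That exception would reach ServiceREST's `catch (Throwable excp)` and come back to the client as a generic REST error instead of a deliberate response. Unless a unique constraint on those columns is guaranteed, either catch it explicitly or use `getResultList()` and decide what a multi-row match should mean; a comment naming the uniqueness guarantee the method relies on would help either way.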
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
index ab2f54a..6ab3d52 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
@@ -410,6 +410,13 @@ public class PublicAPIsv2 {
return serviceREST.getPoliciesForResource(serviceDefName, serviceName, request);
}
+ @GET
+ @Path("/api/policy/guid/{guid}")
+ @Produces({ "application/json", "application/xml" })
+ public RangerPolicy getPolicyByGUIDAndServiceName(@PathParam("guid") String guid, @DefaultValue("") @QueryParam("serviceName") String serviceName) {
+ return serviceREST.getPolicyByGUIDAndServiceName(guid, serviceName);
+ }
+
@POST
@Path("/api/policy/")
@Produces({ "application/json", "application/xml" })
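Review bot: `@DefaultValue("") @QueryParam("serviceName")` makes serviceName look optional, but the lookup needs it: ServiceDBStore.getPolicy returns null for a blank service name and ServiceREST turns that into a 404. A request that simply omits the parameter is therefore indistinguishable from a lookup miss, and the same applies to the DELETE endpoint in the next hunk. I would reject the blank value up front in the ServiceREST methods, for example `throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST, "serviceName is required", true);`, and document the parameter as mandatory.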
@@ -506,6 +513,13 @@ public class PublicAPIsv2 {
}
}
+ @DELETE
+ @Path("/api/policy/guid/{guid}")
+ @Produces({ "application/json", "application/xml" })
+ public void deletePolicyByGUIDAndServiceName(@PathParam("guid") String guid, @DefaultValue("") @QueryParam("serviceName") String serviceName) {
+ serviceREST.deletePolicyByGUIDAndServiceName(guid, serviceName);
+ }
+
@GET
@Path("/api/plugins/info")
public List<RangerPluginInfo> getPluginsInfo(@Context HttpServletRequest request) {
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index f0bf64e7..01e952a 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -3759,6 +3759,70 @@ public class ServiceREST {
return new ResponseEntity<>(deletedServices, responseStatus);
}
+ @GET
+ @Path("/policies/guid/{guid}")
+ @Produces({ "application/json", "application/xml" })
+ public RangerPolicy getPolicyByGUIDAndServiceName(@PathParam("guid") String guid, @DefaultValue("") @QueryParam("serviceName") String serviceName) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.getPolicyByGUIDAndServiceName(" + guid + ", " + serviceName + ")");
+ }
+ RangerPolicy ret = null;
+ RangerPerfTracer perf = null;
+ try {
+ if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
+ perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicyByGUIDAndServiceName(policyGUID=" + guid + ", serviceName="+ serviceName + ")");
+ }
+ ret = svcStore.getPolicy(guid, serviceName);
+ if (ret != null) {
+ ensureAdminAndAuditAccess(ret);
+ }
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("getPolicyByGUIDAndServiceName(" + guid + "," + serviceName + ") failed", excp);
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ } finally {
+ RangerPerfTracer.log(perf);
+ }
+ if (ret == null) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.getPolicyByGUIDAndServiceName(" + guid + ", " + serviceName + "): " + ret);
+ }
+ return ret;
+ }
+
+ @DELETE
+ @Path("/policies/guid/{guid}")
+ @Produces({ "application/json", "application/xml" })
+ public void deletePolicyByGUIDAndServiceName(@PathParam("guid") String guid, @DefaultValue("") @QueryParam("serviceName") String serviceName) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> ServiceREST.deletePolicyByGUIDAndServiceName(" + guid + ", " + serviceName + ")");
+ }
+ RangerPolicy ret = null;
+ RangerPerfTracer perf = null;
+ try {
+ if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
+ perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deletePolicyByGUIDAndServiceName(policyGUID=" + guid + ", serviceName="+ serviceName + ")");
+ }
+ ret = getPolicyByGUIDAndServiceName(guid, serviceName);
+ if (ret != null) {
+ deletePolicy(ret.getId());
+ }
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ LOG.error("deletePolicyByGUIDAndServiceName(" + guid + "," + serviceName + ") failed", excp);
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ } finally {
+ RangerPerfTracer.log(perf);
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== ServiceREST.deletePolicyByGUIDAndServiceName(" + guid + ", " + serviceName + ")");
+ }
+ }
+
private HashMap<String, Object> getCSRFPropertiesMap(HttpServletRequest request) {
HashMap<String, Object> map = new HashMap<String, Object>();
map.put(isCSRF_ENABLED, PropertiesUtil.getBooleanProperty(isCSRF_ENABLED, true));
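Review bot: In deletePolicyByGUIDAndServiceName the only access check visible in this hunk is the one inherited from getPolicyByGUIDAndServiceName, `ensureAdminAndAuditAccess(ret)`, whose name suggests that audit (read-level) users pass it. The delete therefore depends entirely on `deletePolicy(ret.getId())`, which is outside the hunk, enforcing admin rights itself. That should be confirmed and stated in a comment such as `// lookup only checks read access; deletePolicy(id) must enforce admin access`. The `if (ret != null)` guard is dead code, because the lookup throws the 404 itself on a miss. Both `catch (Throwable excp)` blocks also return `excp.getMessage()` to the caller, which can carry persistence-layer text; a fixed message, with the detail kept in the `LOG.error` line, would be safer.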
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index ab2d9cd..96dc0df 100755
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -371,6 +371,10 @@
<query>select obj from XXPolicy obj where obj.id in (select item.policyId from XXPolicyItem item) </query>
</named-query>
+ <named-query name="XXPolicy.findByGUIDAndServiceName">
+ <query>select obj from XXPolicy obj, XXService svc where obj.guid = :guid and obj.service = svc.id and svc.name = :serviceName</query>
+ </named-query>
+
<!-- XXServiceDef -->
<named-query name="XXServiceDef.findByName">
<query>select obj from XXServiceDef obj where obj.name = :name</query>