Repository: ranger Updated Branches: refs/heads/ranger-1 1e2e15d48 -> 0a10ea8b3
RANGER-2182 : Handle upgrade scenario since atlas-service def is added with new resources for relationship Signed-off-by: Mehul Parikh <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/0a10ea8b Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/0a10ea8b Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/0a10ea8b Branch: refs/heads/ranger-1 Commit: 0a10ea8b3b67f14f419145f1d0899e0b582cac54 Parents: 1e2e15d Author: Bhavik Patel <[email protected]> Authored: Wed Aug 8 17:29:49 2018 +0530 Committer: Mehul Parikh <[email protected]> Committed: Thu Aug 9 14:10:50 2018 +0530 ---------------------------------------------------------------------- .../service-defs/ranger-servicedef-atlas.json | 174 ++++++++- .../optimized/current/ranger_core_db_mysql.sql | 1 + .../optimized/current/ranger_core_db_oracle.sql | 1 + .../current/ranger_core_db_postgres.sql | 1 + .../current/ranger_core_db_sqlanywhere.sql | 2 + .../current/ranger_core_db_sqlserver.sql | 1 + ...AtlasResourceAndAccessTypeUpdate_J10016.java | 359 +++++++++++++++++++ 7 files changed, 522 insertions(+), 17 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/0a10ea8b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json ---------------------------------------------------------------------- diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json index 8838f41..07a9800 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-atlas.json @@ -1,17 +1,16 @@ { - "id":15, + "id": 15, "name": "atlas", "implClass": "org.apache.ranger.services.atlas.RangerServiceAtlas", "label": "Atlas Metadata Server", "description": "Atlas Metadata Server", "guid": "311a79b7-16f5-46f4-9829-a0224b9999c5", - "resources": [ - { + "resources": [{ "itemId": 1, "name": "type-category", "type": "string", "level": 10, - "mandatory" : true, + "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": true, @@ -28,7 +27,7 @@ "name": "type", "type": "string", "level": 20, - "mandatory" : true, + "mandatory": true, "parent": "type-category", "lookupSupported": true, "recursiveSupported": false, @@ -40,14 +39,14 @@ }, "label": "Type Name", "description": "Type Name", - "accessTypeRestrictions": [ "type-create", "type-update", "type-delete" ] + "accessTypeRestrictions": ["type-create", "type-update", "type-delete"] }, { "itemId": 3, "name": "entity-type", "type": "string", "level": 10, - "mandatory" : true, + "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": true, @@ -64,7 +63,7 @@ "name": "entity-classification", "type": "string", "level": 20, - "mandatory" : true, + "mandatory": true, "parent": "entity-type", "lookupSupported": true, "recursiveSupported": false, @@ -82,7 +81,7 @@ "name": "entity", "type": "string", "level": 30, - "mandatory" : true, + "mandatory": true, "parent": "entity-classification", "lookupSupported": true, "recursiveSupported": false, @@ -94,14 +93,14 @@ }, "label": "Entity ID", "description": "Entity ID", - "accessTypeRestrictions": [ "entity-read", "entity-create", "entity-update", "entity-delete", "entity-add-classification", "entity-update-classification", "entity-remove-classification" ] + "accessTypeRestrictions": ["entity-read", "entity-create", "entity-update", "entity-delete", "entity-add-classification", "entity-update-classification", "entity-remove-classification"] }, { "itemId": 6, "name": "atlas-service", "type": "string", "level": 10, - "mandatory" : true, + "mandatory": true, "lookupSupported": true, "recursiveSupported": false, "excludesSupported": true, @@ -112,11 +111,138 @@ }, "label": "Atlas Service", "description": "Atlas Service", - "accessTypeRestrictions": [ "admin-import", "admin-export" ] + "accessTypeRestrictions": ["admin-import", "admin-export"] + }, { + "itemId": 7, + "name": "relationship-type", + "type": "string", + "level": 10, + "mandatory": true, + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "true" + }, + "label": "Relationship Type", + "description": "Relationship Type" + }, { + "itemId": 8, + "name": "end-one-entity-type", + "type": "string", + "level": 20, + "mandatory": true, + "parent": "relationship-type", + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "true" + }, + "label": "End1 Entity Type", + "description": "End1 Entity Type" + }, + { + "itemId": 9, + "name": "end-one-entity-classification", + "type": "string", + "level": 30, + "mandatory": true, + "parent": "end-one-entity-type", + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "true" + }, + "label": "End1 Entity Classification", + "description": "End1 Entity Classification" + }, + { + "itemId": 10, + "name": "end-one-entity", + "type": "string", + "level": 40, + "mandatory": true, + "parent": "end-one-entity-classification", + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "true" + }, + "label": "End1 Entity ID", + "description": "End1 Entity ID" + }, + { + "itemId": 11, + "name": "end-two-entity-type", + "type": "string", + "level": 50, + "mandatory": true, + "parent": "end-one-entity", + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "true" + }, + "label": "End2 Entity Type", + "description": "End2 Entity Type" + }, + { + "itemId": 12, + "name": "end-two-entity-classification", + "type": "string", + "level": 60, + "mandatory": true, + "parent": "end-two-entity-type", + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "true" + }, + "label": "End2 Entity Classification", + "description": "End2 Entity Classification" + }, + { + "itemId": 13, + "name": "end-two-entity", + "type": "string", + "level": 70, + "mandatory": true, + "parent": "end-two-entity-classification", + "lookupSupported": true, + "recursiveSupported": false, + "excludesSupported": true, + "matcher": "org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher", + "matcherOptions": { + "wildCard": "true", + "ignoreCase": "true" + }, + "label": "End2 Entity ID", + "description": "End2 Entity ID", + "accessTypeRestrictions": [ + "add-relationship", + "update-relationship", + "remove-relationship" + ] } ], - "accessTypes": [ - { + "accessTypes": [{ "itemId": 1, "name": "type-create", "label": "Create Type" @@ -175,10 +301,24 @@ "itemId": 12, "name": "admin-import", "label": "Admin Import" + }, + { + "itemId": 13, + "name": "add-relationship", + "label": "Add Relationship" + }, + { + "itemId": 14, + "name": "update-relationship", + "label": "Update Relationship" + }, + { + "itemId": 15, + "name": "remove-relationship", + "label": "Remove Relationship" } ], - "configs": [ - { + "configs": [{ "itemId": 1, "name": "username", "type": "string", @@ -210,4 +350,4 @@ "options": { "enableDenyAndExceptionsInPolicies": "true" } -} +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ranger/blob/0a10ea8b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql index e82df40..9d200ba 100644 --- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql +++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql @@ -1381,4 +1381,5 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10013',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10014',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10015',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10016',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y'); http://git-wip-us.apache.org/repos/asf/ranger/blob/0a10ea8b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql index 9aadbde..bafdb96 100644 --- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql +++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql @@ -1357,5 +1357,6 @@ INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,act INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10013',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10014',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10015',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); +INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10016',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y'); commit; http://git-wip-us.apache.org/repos/asf/ranger/blob/0a10ea8b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql index 4766910..2bc58ac 100644 --- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql +++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql @@ -1470,6 +1470,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10013',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10014',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10015',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y'); +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10016',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y'); DROP VIEW IF EXISTS vx_trx_log; http://git-wip-us.apache.org/repos/asf/ranger/blob/0a10ea8b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql index 82f638d..1b64eea 100644 --- a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql +++ b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql @@ -1661,6 +1661,8 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active GO INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10015',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); GO +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10016,CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); +GO INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); GO exit http://git-wip-us.apache.org/repos/asf/ranger/blob/0a10ea8b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql index 46d92c9..4a216fe 100644 --- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql +++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql @@ -3144,6 +3144,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10013',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10014',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10015',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10016',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); GO CREATE VIEW [dbo].[vx_trx_log] AS http://git-wip-us.apache.org/repos/asf/ranger/blob/0a10ea8b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasResourceAndAccessTypeUpdate_J10016.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasResourceAndAccessTypeUpdate_J10016.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasResourceAndAccessTypeUpdate_J10016.java new file mode 100644 index 0000000..eed6a9e --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasResourceAndAccessTypeUpdate_J10016.java @@ -0,0 +1,359 @@ + +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ranger.patch; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + +import org.apache.commons.lang.StringUtils; +import org.apache.log4j.Logger; +import org.apache.ranger.biz.ServiceDBStore; +import org.apache.ranger.common.GUIDUtil; +import org.apache.ranger.common.JSONUtil; +import org.apache.ranger.common.RangerValidatorFactory; +import org.apache.ranger.common.StringUtil; +import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.entity.XXAccessTypeDef; +import org.apache.ranger.entity.XXGroup; +import org.apache.ranger.entity.XXPolicy; +import org.apache.ranger.entity.XXPolicyItem; +import org.apache.ranger.entity.XXPolicyItemAccess; +import org.apache.ranger.entity.XXPolicyItemGroupPerm; +import org.apache.ranger.entity.XXPolicyResource; +import org.apache.ranger.entity.XXPolicyResourceMap; +import org.apache.ranger.entity.XXPortalUser; +import org.apache.ranger.entity.XXResourceDef; +import org.apache.ranger.entity.XXService; +import org.apache.ranger.entity.XXServiceDef; +import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerPolicyResourceSignature; +import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef; +import org.apache.ranger.plugin.model.validation.RangerServiceDefValidator; +import org.apache.ranger.plugin.model.validation.RangerValidator.Action; +import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; +import org.apache.ranger.service.RangerPolicyService; +import org.apache.ranger.util.CLIUtil; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +@Component +public class PatchForAtlasResourceAndAccessTypeUpdate_J10016 extends BaseLoader { + private static final Logger logger = Logger.getLogger(PatchForAtlasResourceAndAccessTypeUpdate_J10016.class); + private static final String RESOURCE_DEF_NAME = "all - relationship-type, end-one-entity-type, end-one-entity-classification, end-one-entity, end-two-entity-type, end-two-entity-classification, end-two-entity"; + private static final List<String> ATLAS_RESOURCES = new ArrayList<>( + Arrays.asList("relationship-type", "end-one-entity-type", "end-one-entity-classification", "end-one-entity", + "end-two-entity-type", "end-two-entity-classification", "end-two-entity")); + private static final List<String> ATLAS_ACCESS_TYPES = new ArrayList<>( + Arrays.asList("add-relationship", "update-relationship", "remove-relationship")); + private static final String LOGIN_ID_ADMIN = "admin"; + private static final String GROUP_PUBLIC = "public"; + + @Autowired + RangerDaoManager daoMgr; + + @Autowired + ServiceDBStore svcDBStore; + + @Autowired + GUIDUtil guidUtil; + + @Autowired + JSONUtil jsonUtil; + + @Autowired + StringUtil stringUtil; + + @Autowired + RangerValidatorFactory validatorFactory; + + @Autowired + ServiceDBStore svcStore; + + @Autowired + RangerPolicyService policyService; + + public static void main(String[] args) { + logger.info("main()"); + try { + PatchForAtlasResourceAndAccessTypeUpdate_J10016 loader = (PatchForAtlasResourceAndAccessTypeUpdate_J10016) CLIUtil + .getBean(PatchForAtlasResourceAndAccessTypeUpdate_J10016.class); + loader.init(); + while (loader.isMoreToProcess()) { + loader.load(); + } + logger.info("Load complete. Exiting!!!"); + System.exit(0); + } catch (Exception e) { + logger.error("Error loading", e); + System.exit(1); + } + } + + @Override + public void init() throws Exception { + // Do Nothing + } + + @Override + public void execLoad() { + logger.info("==> PatchForAtlasResourceAndAccessTypeUpdate.execLoad()"); + try { + updateAtlasResourceAndAccessType(); + } catch (Exception e) { + logger.error("Error whille updateAtlasResourceAndAccessType()data.", e); + } + logger.info("<== PatchForAtlasResourceAndAccessTypeUpdate.execLoad()"); + } + + @Override + public void printStats() { + logger.info("AtlasResourceAndAccessTypeUpdate data "); + } + + private void updateAtlasResourceAndAccessType() { + RangerServiceDef ret = null; + RangerServiceDef embeddedAtlasServiceDef = null; + XXServiceDef xXServiceDefObj = null; + RangerServiceDef dbAtlasServiceDef = null; + List<RangerServiceDef.RangerResourceDef> embeddedAtlasResourceDefs = null; + List<RangerServiceDef.RangerAccessTypeDef> embeddedAtlasAccessTypes = null; + + try { + embeddedAtlasServiceDef = EmbeddedServiceDefsUtil.instance() + .getEmbeddedServiceDef(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME); + if (embeddedAtlasServiceDef != null) { + xXServiceDefObj = daoMgr.getXXServiceDef() + .findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME); + if (xXServiceDefObj == null) { + logger.info(xXServiceDefObj + ": service-def not found. No patching is needed"); + return; + } + + dbAtlasServiceDef = svcDBStore + .getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME); + embeddedAtlasResourceDefs = embeddedAtlasServiceDef.getResources(); + embeddedAtlasAccessTypes = embeddedAtlasServiceDef.getAccessTypes(); + if (checkResourcePresent(embeddedAtlasResourceDefs)) { + dbAtlasServiceDef.setResources(embeddedAtlasResourceDefs); + if (checkAccessPresent(embeddedAtlasAccessTypes)) { + dbAtlasServiceDef.setAccessTypes(embeddedAtlasAccessTypes); + } + } + + RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore); + validator.validate(dbAtlasServiceDef, Action.UPDATE); + ret = svcStore.updateServiceDef(dbAtlasServiceDef); + if (ret == null) { + logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME + + " service-def"); + throw new RuntimeException("Error while updating " + + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME + " service-def"); + } else { + createDefaultPolicyToExistingService(); + updatePolicyForRelationshipType(); + } + } + } catch (Exception e) { + logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME + " service-def",e); + } + + } + + private void createDefaultPolicyToExistingService() { + logger.info("==> createDefaultPolicyToExistingService "); + XXPortalUser xxPortalUser = daoMgr.getXXPortalUser().findByLoginId(LOGIN_ID_ADMIN); + Long currentUserId = xxPortalUser.getId(); + + XXServiceDef xXServiceDefObj = daoMgr.getXXServiceDef() + .findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME); + if (xXServiceDefObj == null) { + logger.debug("ServiceDef not fount with name :" + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME); + return; + } + Long xServiceDefId = xXServiceDefObj.getId(); + List<XXService> xxServices = daoMgr.getXXService().findByServiceDefId(xServiceDefId); + for (XXService xxService : xxServices) { + List<XXPolicy> xxPolicies = daoMgr.getXXPolicy().findByServiceId(xxService.getId()); + Boolean isPolicyPresent = true; + for (XXPolicy xxPolicy : xxPolicies) { + if (!xxPolicy.getName().equalsIgnoreCase(RESOURCE_DEF_NAME)) { + isPolicyPresent = false; + } else { + isPolicyPresent = true; + break; + } + } + if (!isPolicyPresent) { + XXPolicy xxPolicy = new XXPolicy(); + xxPolicy.setName(RESOURCE_DEF_NAME); + xxPolicy.setDescription(RESOURCE_DEF_NAME); + xxPolicy.setService(xxService.getId()); + xxPolicy.setPolicyPriority(RangerPolicy.POLICY_PRIORITY_NORMAL); + xxPolicy.setIsAuditEnabled(Boolean.TRUE); + xxPolicy.setIsEnabled(Boolean.TRUE); + xxPolicy.setPolicyType(RangerPolicy.POLICY_TYPE_ACCESS); + xxPolicy.setGuid(guidUtil.genGUID()); + xxPolicy.setAddedByUserId(currentUserId); + xxPolicy.setUpdatedByUserId(currentUserId); + RangerPolicy rangerPolicy = new RangerPolicy(); + RangerPolicyResourceSignature resourceSignature = new RangerPolicyResourceSignature(rangerPolicy); + xxPolicy.setResourceSignature(resourceSignature.getSignature()); + XXPolicy createdPolicy = daoMgr.getXXPolicy().create(xxPolicy); + + XXPolicyItem xxPolicyItem = new XXPolicyItem(); + xxPolicyItem.setIsEnabled(Boolean.TRUE); + xxPolicyItem.setDelegateAdmin(Boolean.TRUE); + xxPolicyItem.setItemType(0); + xxPolicyItem.setOrder(0); + xxPolicyItem.setAddedByUserId(currentUserId); + xxPolicyItem.setUpdatedByUserId(currentUserId); + xxPolicyItem.setPolicyId(createdPolicy.getId()); + XXPolicyItem createdXXPolicyItem = daoMgr.getXXPolicyItem().create(xxPolicyItem); + + List<String> accessTypes = Arrays.asList("add-relationship", "update-relationship", + "remove-relationship"); + for (int i = 0; i < accessTypes.size(); i++) { + XXAccessTypeDef xAccTypeDef = daoMgr.getXXAccessTypeDef().findByNameAndServiceId(accessTypes.get(i), + xxPolicy.getService()); + if (xAccTypeDef == null) { + throw new RuntimeException(accessTypes.get(i) + ": is not a valid access-type. policy='" + + xxPolicy.getName() + "' service='" + xxPolicy.getService() + "'"); + } + XXPolicyItemAccess xPolItemAcc = new XXPolicyItemAccess(); + xPolItemAcc.setIsAllowed(Boolean.TRUE); + xPolItemAcc.setType(xAccTypeDef.getId()); + xPolItemAcc.setOrder(i); + xPolItemAcc.setAddedByUserId(currentUserId); + xPolItemAcc.setUpdatedByUserId(currentUserId); + xPolItemAcc.setPolicyitemid(createdXXPolicyItem.getId()); + daoMgr.getXXPolicyItemAccess().create(xPolItemAcc); + } + + List<String> groups = Arrays.asList(GROUP_PUBLIC); + for (int i = 0; i < groups.size(); i++) { + String group = groups.get(i); + if (StringUtils.isBlank(group)) { + continue; + } + XXGroup xGrp = daoMgr.getXXGroup().findByGroupName(group); + if (xGrp == null) { + throw new RuntimeException(group + ": group does not exist. policy='" + xxPolicy.getName() + + "' service='" + xxPolicy.getService() + "' group='" + group + "'"); + } + XXPolicyItemGroupPerm xGrpPerm = new XXPolicyItemGroupPerm(); + xGrpPerm.setGroupId(xGrp.getId()); + xGrpPerm.setPolicyItemId(createdXXPolicyItem.getId()); + xGrpPerm.setOrder(i); + xGrpPerm.setAddedByUserId(currentUserId); + xGrpPerm.setUpdatedByUserId(currentUserId); + daoMgr.getXXPolicyItemGroupPerm().create(xGrpPerm); + } + + for (int i = 0; i < ATLAS_RESOURCES.size(); i++) { + XXResourceDef xResDef = daoMgr.getXXResourceDef().findByNameAndPolicyId(ATLAS_RESOURCES.get(i), + createdPolicy.getId()); + if (xResDef == null) { + throw new RuntimeException(ATLAS_RESOURCES.get(i) + ": is not a valid resource-type. policy='" + + createdPolicy.getName() + "' service='" + createdPolicy.getService() + "'"); + } + XXPolicyResource xPolRes = new XXPolicyResource(); + + xPolRes.setAddedByUserId(currentUserId); + xPolRes.setUpdatedByUserId(currentUserId); + xPolRes.setIsExcludes(Boolean.FALSE); + xPolRes.setIsRecursive(Boolean.FALSE); + xPolRes.setPolicyId(createdPolicy.getId()); + xPolRes.setResDefId(xResDef.getId()); + xPolRes = daoMgr.getXXPolicyResource().create(xPolRes); + + XXPolicyResourceMap xPolResMap = new XXPolicyResourceMap(); + xPolResMap.setResourceId(xPolRes.getId()); + xPolResMap.setValue("*"); + xPolResMap.setOrder(i); + xPolResMap.setAddedByUserId(currentUserId); + xPolResMap.setUpdatedByUserId(currentUserId); + daoMgr.getXXPolicyResourceMap().create(xPolResMap); + } + logger.info("Creating policy for service id : " + xxService.getId()); + } + } + logger.info("<== createDefaultPolicyToExistingService "); + } + + private boolean checkResourcePresent(List<RangerServiceDef.RangerResourceDef> resourceDefs) { + boolean ret = false; + for (RangerServiceDef.RangerResourceDef resourceDef : resourceDefs) { + if (ATLAS_RESOURCES.contains(resourceDef.getName())) { + ret = true; + break; + } + } + return ret; + } + + private boolean checkAccessPresent(List<RangerAccessTypeDef> embeddedAtlasAccessTypes) { + boolean ret = false; + for (RangerServiceDef.RangerAccessTypeDef accessDef : embeddedAtlasAccessTypes) { + if (ATLAS_ACCESS_TYPES.contains(accessDef.getName())) { + ret = true; + break; + } + } + return ret; + } + + private void updatePolicyForRelationshipType() { + logger.info("===> updatePolicyForRelationshipType "); + XXPortalUser xxPortalUser = daoMgr.getXXPortalUser().findByLoginId(LOGIN_ID_ADMIN); + Long currentUserId = xxPortalUser.getId(); + XXServiceDef xXServiceDefObj = daoMgr.getXXServiceDef() + .findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME); + if (xXServiceDefObj == null) { + logger.debug( + "xXServiceDefObj not found with name : " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME); + return; + } + Long xServiceDefId = xXServiceDefObj.getId(); + XXResourceDef xxResourceDef = daoMgr.getXXResourceDef().findByNameAndServiceDefId(RESOURCE_DEF_NAME, + xServiceDefId); + List<XXPolicyResource> policyResources = daoMgr.getXXPolicyResource().findByResDefId(xxResourceDef.getId()); + for (XXPolicyResource xxPolicyResource : policyResources) { + XXPolicy xxPolicy = daoMgr.getXXPolicy().getById(xxPolicyResource.getPolicyid()); + List<XXPolicyItem> xxPolicyItems = daoMgr.getXXPolicyItem().findByPolicyId(xxPolicy.getId()); + for (XXPolicyItem xxPolicyItem : xxPolicyItems) { + XXGroup xxGroup = daoMgr.getXXGroup().findByGroupName(GROUP_PUBLIC); + if (xxGroup == null) { + logger.error("Group name 'public' not found in database"); + return; + } + Long publicGroupId = xxGroup.getId(); + XXPolicyItemGroupPerm xxPolicyItemGroupPerm = new XXPolicyItemGroupPerm(); + xxPolicyItemGroupPerm.setPolicyItemId(xxPolicyItem.getId()); + xxPolicyItemGroupPerm.setGroupId(publicGroupId); + xxPolicyItemGroupPerm.setOrder(0); + xxPolicyItemGroupPerm.setAddedByUserId(currentUserId); + xxPolicyItemGroupPerm.setUpdatedByUserId(currentUserId); + daoMgr.getXXPolicyItemGroupPerm().create(xxPolicyItemGroupPerm); + } + } + logger.info("<=== updatePolicyForRelationshipType "); + } +}
