Repository: ranger Updated Branches: refs/heads/ranger-1.1 b1a5798d7 -> e8c99d0cc
RANGER-2260: Atlas servicedef version change patch should update atlas access type def for tag def also. Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/b1d9359e Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/b1d9359e Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/b1d9359e Branch: refs/heads/ranger-1.1 Commit: b1d9359e7d111e53bcf9a69c04f36b444e1837d4 Parents: b1a5798 Author: Pradeep <prad...@apache.org> Authored: Mon Oct 22 19:28:47 2018 +0530 Committer: Pradeep <prad...@apache.org> Committed: Mon Oct 22 20:26:47 2018 +0530 ---------------------------------------------------------------------- .../optimized/current/ranger_core_db_mysql.sql | 1 + .../patches/035-update-schema-for-x-policy.sql | 32 ++++++ .../optimized/current/ranger_core_db_oracle.sql | 1 + .../patches/035-update-schema-for-x-policy.sql | 38 +++++++ .../current/ranger_core_db_postgres.sql | 1 + .../patches/035-update-schema-for-x-policy.sql | 36 +++++++ .../current/ranger_core_db_sqlanywhere.sql | 2 + .../patches/035-update-schema-for-x-policy.sql | 37 ++++--- .../current/ranger_core_db_sqlserver.sql | 1 + .../patches/035-update-schema-for-x-policy.sql | 36 +++++-- .../PatchForAtlasServiceDefUpdate_J10013.java | 103 ++++++++++++++++++- 11 files changed, 265 insertions(+), 23 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/b1d9359e/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql index 70447fa..a4fa130 100644 --- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql +++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql 
@@ -1428,4 +1428,5 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10016',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10019',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10020',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10025',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',UTC_TIMESTAMP(),'Ranger 1.0.0',UTC_TIMESTAMP(),'localhost','Y');
http://git-wip-us.apache.org/repos/asf/ranger/blob/b1d9359e/security-admin/db/mysql/patches/035-update-schema-for-x-policy.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/mysql/patches/035-update-schema-for-x-policy.sql b/security-admin/db/mysql/patches/035-update-schema-for-x-policy.sql
index ee82ae3..84db526 100644
--- a/security-admin/db/mysql/patches/035-update-schema-for-x-policy.sql
+++ b/security-admin/db/mysql/patches/035-update-schema-for-x-policy.sql
@@ -13,6 +13,38 @@ -- See the License for the specific language governing permissions and -- limitations under the License. +drop procedure if exists update_TagDefAccessTypes_for_atlas; + +delimiter ;; +create procedure update_TagDefAccessTypes_for_atlas() begin +DECLARE new_atlas_def_name varchar(100); +if exists (select version from x_db_version_h where version = 'J10013') then + if exists (select name from x_service_def where name like 'atlas.%') then + set new_atlas_def_name=(select name from x_service_def where name like 'atlas.%'); + if exists(select * from x_access_type_def where def_id in(select id from x_service_def where name='tag') and name in('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all')) then + update x_access_type_def set name=concat(new_atlas_def_name,':read') where def_id=100 and name='atlas:read'; + update x_access_type_def set name=concat(new_atlas_def_name,':create') where def_id=100 and name='atlas:create'; + update x_access_type_def set name=concat(new_atlas_def_name,':update') where def_id=100 and name='atlas:update'; + update x_access_type_def set name=concat(new_atlas_def_name,':delete') where def_id=100 and name='atlas:delete'; + update x_access_type_def set name=concat(new_atlas_def_name,':all') where def_id=100 and name='atlas:all'; + end if; + if exists(select * from x_access_type_def_grants where atd_id in (select id from x_access_type_def where def_id in (select id from x_service_def where name='tag') and name like 'atlas%') and implied_grant in ('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all')) then + update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name,':read') where implied_grant='atlas:read'; + update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name,':create') where implied_grant='atlas:create'; + update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name,':update') where implied_grant='atlas:update'; + update 
x_access_type_def_grants set implied_grant=concat(new_atlas_def_name,':delete') where implied_grant='atlas:delete'; + update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name,':all') where implied_grant='atlas:all'; + end if; + end if; +end if; +end;; + +delimiter ; +call update_TagDefAccessTypes_for_atlas(); + +drop procedure if exists update_TagDefAccessTypes_for_atlas; + + drop procedure if exists alter_table_x_policy; delimiter ;; http://git-wip-us.apache.org/repos/asf/ranger/blob/b1d9359e/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql index 8b51307..0949cbd 100644 --- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql +++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql 
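Review bot: The five `update x_access_type_def` statements filter on the literal `def_id=100`, while the `if exists` guard directly above them finds the tag service definition with `def_id in(select id from x_service_def where name='tag')`. If the tag definition has any other id, the guard passes and the renames match nothing, so the tag access types keep the old `atlas:` names with no error reported. Reusing the guard's subquery keeps the two in agreement, e.g. `... where def_id in (select id from x_service_def where name='tag') and name='atlas:read';`. The `x_access_type_def_grants` updates are similarly not restricted by `atd_id` although their guard is. The same literal appears in the Oracle, PostgreSQL, SQL Anywhere and SQL Server versions of this patch.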
@@ -1405,5 +1405,6 @@ INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,act
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10016',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10019',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10020',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
+INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'J10025',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 INSERT INTO x_db_version_h (id,version,inst_at,inst_by,updated_at,updated_by,active) VALUES (X_DB_VERSION_H_SEQ.nextval,'JAVA_PATCHES',sys_extract_utc(systimestamp),'Ranger 1.0.0',sys_extract_utc(systimestamp),'localhost','Y');
 commit;
http://git-wip-us.apache.org/repos/asf/ranger/blob/b1d9359e/security-admin/db/oracle/patches/035-update-schema-for-x-policy.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/patches/035-update-schema-for-x-policy.sql b/security-admin/db/oracle/patches/035-update-schema-for-x-policy.sql
index 11b4172..c75e620 100644
--- a/security-admin/db/oracle/patches/035-update-schema-for-x-policy.sql
+++ b/security-admin/db/oracle/patches/035-update-schema-for-x-policy.sql
@@ -161,3 +161,41 @@ CALL removeConstraints('X_POLICY_RESOURCE'); CALL removeConstraints('X_POLICY_RESOURCE_MAP'); CALL removeConstraints('X_POLICY_ITEM_USER_PERM'); CALL removeConstraints('X_POLICY_ITEM_ROWFILTER'); + +DECLARE + v_record_exists number := 0; + new_atlas_def_name VARCHAR(1024); + sql_stmt VARCHAR(1024); +BEGIN +select count(*) into v_record_exists from x_db_version_h where version = 'J10013'; + if (v_record_exists = 1) then + select name into new_atlas_def_name from x_service_def where name like 'atlas.%'; + select count(*) into v_record_exists from x_access_type_def where def_id in(select id from x_service_def where name='tag') and name in('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all'); + if (v_record_exists > 0) then + sql_stmt := 'UPDATE x_access_type_def set name=concat(:1,:2) where def_id=100 and name=:3'; + EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':create','atlas:create'; + sql_stmt := 'UPDATE x_access_type_def set name=concat(:1,:2) where def_id=100 and name=:3'; + EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':update','atlas:update'; + sql_stmt := 'UPDATE x_access_type_def set name=concat(:1,:2) where def_id=100 and name=:3'; + EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':delete','atlas:delete'; + sql_stmt := 'UPDATE x_access_type_def set name=concat(:1,:2) where def_id=100 and name=:3'; + EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':read','atlas:read'; + sql_stmt := 'UPDATE x_access_type_def set name=concat(:1,:2) where def_id=100 and name=:3'; + EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':all','atlas:all'; + end if; + select count(*) into v_record_exists from x_access_type_def_grants where atd_id in (select id from x_access_type_def where def_id in (select id from x_service_def where name='tag') and name like 'atlas%') and implied_grant in ('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all'); + if (v_record_exists > 0) then + sql_stmt := 'UPDATE 
x_access_type_def_grants set implied_grant=concat(:1,:2) where implied_grant=:3'; + EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':create','atlas:create'; + sql_stmt := 'UPDATE x_access_type_def_grants set implied_grant=concat(:1,:2) where implied_grant=:3'; + EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':update','atlas:update'; + sql_stmt := 'UPDATE x_access_type_def_grants set implied_grant=concat(:1,:2) where implied_grant=:3'; + EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':delete','atlas:delete'; + sql_stmt := 'UPDATE x_access_type_def_grants set implied_grant=concat(:1,:2) where implied_grant=:3'; + EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':read','atlas:read'; + sql_stmt := 'UPDATE x_access_type_def_grants set implied_grant=concat(:1,:2) where implied_grant=:3'; + EXECUTE IMMEDIATE sql_stmt USING new_atlas_def_name,':all','atlas:all'; + end if; + end if; + commit; +end;/ http://git-wip-us.apache.org/repos/asf/ranger/blob/b1d9359e/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql index a123911..a0e02e0 100644 --- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql +++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql 
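Review bot: The `select name into new_atlas_def_name from x_service_def where name like 'atlas.%';` at the top of the block has no existence guard, unlike the MySQL and SQL Anywhere versions of this patch. In PL/SQL a `SELECT ... INTO` that matches no row raises NO_DATA_FOUND and one that matches several raises TOO_MANY_ROWS, and the block has no exception handler, so the anonymous block would abort on a database that has the `J10013` row but no single `atlas.%` service definition. A count check before the select would avoid that: `select count(*) into v_record_exists from x_service_def where name like 'atlas.%';` followed by `if (v_record_exists = 1) then ... end if;` around the select and the updates. The outer test `v_record_exists = 1` also skips the whole migration if the version row is ever present more than once, which the other dialects' `exists` checks would not.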
@@ -1520,6 +1520,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10016',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10019',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10020',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y'); +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10025',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y'); INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',current_timestamp,'Ranger 1.0.0',current_timestamp,'localhost','Y'); DROP VIEW IF EXISTS vx_trx_log; http://git-wip-us.apache.org/repos/asf/ranger/blob/b1d9359e/security-admin/db/postgres/patches/035-update-schema-for-x-policy.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/postgres/patches/035-update-schema-for-x-policy.sql b/security-admin/db/postgres/patches/035-update-schema-for-x-policy.sql index cb87cd0..61c7986 100644 --- a/security-admin/db/postgres/patches/035-update-schema-for-x-policy.sql +++ b/security-admin/db/postgres/patches/035-update-schema-for-x-policy.sql 
@@ -195,3 +195,39 @@ select removekeys(); select 'delimiter end'; +commit; +select 'delimiter start'; +CREATE OR REPLACE FUNCTION update_TagDefAccessTypes_for_atlas() +RETURNS void AS $$ +DECLARE + new_atlas_def_name VARCHAR(1024); + v_record_exists integer := 0; +BEGIN +select count(*) into v_record_exists from x_db_version_h where version = 'J10013'; +IF v_record_exists = 1 THEN + select name into new_atlas_def_name from x_service_def where name like 'atlas.%'; + select count(*) into v_record_exists from x_access_type_def where def_id in(select id from x_service_def where name='tag') and name in('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all'); + IF v_record_exists > 0 THEN + update x_access_type_def set name=(new_atlas_def_name || ':read')where def_id=100 and name='atlas:read'; + update x_access_type_def set name=(new_atlas_def_name || ':create') where def_id=100 and name='atlas:create'; + update x_access_type_def set name=(new_atlas_def_name || ':update') where def_id=100 and name='atlas:update'; + update x_access_type_def set name=(new_atlas_def_name || ':delete') where def_id=100 and name='atlas:delete'; + update x_access_type_def set name=(new_atlas_def_name || ':all') where def_id=100 and name='atlas:all'; + END IF; + select count(*) into v_record_exists from x_access_type_def_grants where atd_id in (select id from x_access_type_def where def_id in (select id from x_service_def where name='tag') and name like 'atlas%') and implied_grant in ('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all'); + IF v_record_exists > 0 THEN + update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':read') where implied_grant='atlas:read'; + update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':create') where implied_grant='atlas:create'; + update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':update') where implied_grant='atlas:update'; + update x_access_type_def_grants set 
implied_grant=(new_atlas_def_name || ':delete') where implied_grant='atlas:delete'; + update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':all') where implied_grant='atlas:all'; + END IF; + END IF; +END; +$$ LANGUAGE plpgsql; +select 'delimiter end'; + +select update_TagDefAccessTypes_for_atlas(); +commit; +select 'delimiter end'; + http://git-wip-us.apache.org/repos/asf/ranger/blob/b1d9359e/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql index 142302a..db8ebc3 100644 --- a/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql +++ b/security-admin/db/sqlanywhere/optimized/current/ranger_core_db_sqlanywhere.sql @@ -1709,6 +1709,8 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active GO INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10020',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); GO +INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10025',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); +GO INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y'); GO exit http://git-wip-us.apache.org/repos/asf/ranger/blob/b1d9359e/security-admin/db/sqlanywhere/patches/035-update-schema-for-x-policy.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/sqlanywhere/patches/035-update-schema-for-x-policy.sql b/security-admin/db/sqlanywhere/patches/035-update-schema-for-x-policy.sql index 24d072f..c079014 100644 
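Review bot: In the PL/pgSQL function, `select name into new_atlas_def_name from x_service_def where name like 'atlas.%';` is a non-STRICT `SELECT INTO`, so the variable is left NULL when no `atlas.%` service definition exists, and nothing checks for that before the updates. `new_atlas_def_name || ':read'` then evaluates to NULL, and the `update x_access_type_def set name=(...)` and `update x_access_type_def_grants set implied_grant=(...)` statements would either write NULL over the existing access type names or fail on a constraint, depending on the column definitions, which are not visible here. A guard such as `IF new_atlas_def_name IS NOT NULL THEN ... END IF;` around both update groups would match the `exists` check the MySQL and SQL Anywhere versions perform.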
--- a/security-admin/db/sqlanywhere/patches/035-update-schema-for-x-policy.sql +++ b/security-admin/db/sqlanywhere/patches/035-update-schema-for-x-policy.sql 
@@ -145,36 +145,49 @@ BEGIN END close cur DEALLOCATE CURSOR cur - END GO - call dbo.removeForeignKeyConstraint('x_policy_item') GO - call dbo.removeForeignKeyConstraint('x_policy_item_access') GO - call dbo.removeForeignKeyConstraint('x_policy_item_condition') GO - call dbo.removeForeignKeyConstraint('x_policy_item_datamask') GO - call dbo.removeForeignKeyConstraint('x_policy_item_group_perm') GO - call dbo.removeForeignKeyConstraint('x_policy_item_user_perm') GO - call dbo.removeForeignKeyConstraint('x_policy_item_rowfilter') GO - call dbo.removeForeignKeyConstraint('x_policy_resource') GO - call dbo.removeForeignKeyConstraint('x_policy_resource_map') GO - -exit +BEGIN +DECLARE new_atlas_def_name varchar(1024); +DECLARE v_record_exists INT = 0; + IF EXISTS (select version from x_db_version_h where version = 'J10013') THEN + IF EXISTS(select name from x_service_def where name like 'atlas.%') THEN + select name into new_atlas_def_name from x_service_def where name like 'atlas.%'; + IF EXISTS(select * from x_access_type_def where def_id in(select id from x_service_def where name='tag') and name in('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all')) THEN + update x_access_type_def set name=(new_atlas_def_name || ':read') where def_id=100 and name='atlas:read'; + update x_access_type_def set name=(new_atlas_def_name || ':create') where def_id=100 and name='atlas:create'; + update x_access_type_def set name=(new_atlas_def_name || ':update') where def_id=100 and name='atlas:update'; + update x_access_type_def set name=(new_atlas_def_name || ':delete') where def_id=100 and name='atlas:delete'; + update x_access_type_def set name=(new_atlas_def_name || ':all') where def_id=100 and name='atlas:all'; + END IF; + IF EXISTS(select * from x_access_type_def_grants where atd_id in (select id from x_access_type_def where def_id in (select id from x_service_def where name='tag') and name like 'atlas%') and implied_grant in 
('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all')) THEN + update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':read') where implied_grant='atlas:read'; + update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':create') where implied_grant='atlas:create'; + update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':update') where implied_grant='atlas:update'; + update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':delete') where implied_grant='atlas:delete'; + update x_access_type_def_grants set implied_grant=(new_atlas_def_name || ':all') where implied_grant='atlas:all'; + END IF; + END IF; + END IF; +END +GO +exit \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ranger/blob/b1d9359e/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql index 75c8faf..522b57b 100644 --- a/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql +++ b/security-admin/db/sqlserver/optimized/current/ranger_core_db_sqlserver.sql 
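Review bot: `DECLARE v_record_exists INT = 0;` in the added SQL Anywhere block is never read or assigned, because every check in this dialect is written with `IF EXISTS(...)`. Dropping the declaration keeps the block from suggesting a count-based check that is not there.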
@@ -3256,6 +3256,7 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10016',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10019',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10020',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
+INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('J10025',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active) VALUES ('JAVA_PATCHES',CURRENT_TIMESTAMP,'Ranger 1.0.0',CURRENT_TIMESTAMP,'localhost','Y');
 GO
 CREATE VIEW [dbo].[vx_trx_log] AS
http://git-wip-us.apache.org/repos/asf/ranger/blob/b1d9359e/security-admin/db/sqlserver/patches/035-update-schema-for-x-policy.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlserver/patches/035-update-schema-for-x-policy.sql b/security-admin/db/sqlserver/patches/035-update-schema-for-x-policy.sql
index ebf44ac..bd646d6 100644
--- a/security-admin/db/sqlserver/patches/035-update-schema-for-x-policy.sql
+++ b/security-admin/db/sqlserver/patches/035-update-schema-for-x-policy.sql
@@ -425,29 +425,47 @@ GO EXEC dbo.removeConstraints 'x_policy_item' GO - EXEC dbo.removeConstraints 'x_policy_item_access' GO - EXEC dbo.removeConstraints 'x_policy_item_condition' GO - EXEC dbo.removeConstraints 'x_policy_item_datamask' GO - EXEC dbo.removeConstraints 'x_policy_item_group_perm' GO - EXEC dbo.removeConstraints 'x_policy_item_user_perm' GO - EXEC dbo.removeConstraints 'x_policy_item_rowfilter' GO - EXEC dbo.removeConstraints 'x_policy_resource' GO - EXEC dbo.removeConstraints 'x_policy_resource_map' GO -EXIT +IF EXISTS (select version from x_db_version_h where version = 'J10013') +BEGIN + IF EXISTS(select name from x_service_def where name like 'atlas.%') + BEGIN + DECLARE @new_atlas_def_name VARCHAR(100); + set @new_atlas_def_name=(select name into new_atlas_def_name from x_service_def where name like 'atlas.%') + IF EXISTS(select * from x_access_type_def where def_id in(select id from x_service_def where name='tag') and name in('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all')) + BEGIN + update x_access_type_def set name=concat(new_atlas_def_name , ':read') where def_id=100 and name='atlas:read'; + update x_access_type_def set name=concat(new_atlas_def_name , ':create') where def_id=100 and name='atlas:create'; + update x_access_type_def set name=concat(new_atlas_def_name , ':update') where def_id=100 and name='atlas:update'; + update x_access_type_def set name=concat(new_atlas_def_name , ':delete') where def_id=100 and name='atlas:delete'; + update x_access_type_def set name=concat(new_atlas_def_name , ':all') where def_id=100 and name='atlas:all'; + END IF; + IF EXISTS(select * from x_access_type_def_grants where atd_id in (select id from x_access_type_def where def_id in (select id from x_service_def where name='tag') and name like 'atlas%') and implied_grant in ('atlas:read','atlas:create','atlas:update','atlas:delete','atlas:all')) + BEGIN + update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name , 
':read') where implied_grant='atlas:read'; + update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name , ':create') where implied_grant='atlas:create'; + update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name , ':update') where implied_grant='atlas:update'; + update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name , ':delete') where implied_grant='atlas:delete'; + update x_access_type_def_grants set implied_grant=concat(new_atlas_def_name , ':all') where implied_grant='atlas:all'; + END IF; + END IF; +END IF; +END +GO +EXIT \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ranger/blob/b1d9359e/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasServiceDefUpdate_J10013.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasServiceDefUpdate_J10013.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasServiceDefUpdate_J10013.java index 1b315cd..c7af90c 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasServiceDefUpdate_J10013.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchForAtlasServiceDefUpdate_J10013.java @@ -17,13 +17,17 @@ package org.apache.ranger.patch; +import java.util.ArrayList; import java.util.Arrays; +import java.util.Collection; import java.util.HashSet; import java.util.List; +import java.util.Objects; import java.util.Set; import org.apache.commons.collections.CollectionUtils; import org.apache.log4j.Logger; import org.apache.ranger.biz.ServiceDBStore; +import org.apache.ranger.common.RangerValidatorFactory; import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.db.XXAccessTypeDefDao; import org.apache.ranger.db.XXResourceDefDao; 
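Review bot: The added SQL Server block is not valid T-SQL as written, so the batch would be rejected before any access type is renamed. The assignment uses `select name into new_atlas_def_name` inside a scalar subquery, where `INTO` is not allowed; it should read `set @new_atlas_def_name=(select name from x_service_def where name like 'atlas.%')`. All ten updates pass `new_atlas_def_name` without the `@`, which T-SQL resolves as a column name rather than the variable, so they should use `concat(@new_atlas_def_name, ':read')` and so on. Each `BEGIN` block is closed with `END IF;`, which T-SQL does not have; a plain `END` closes the block, and the final `END IF;` followed by `END` leaves one terminator too many. The variable is also declared as `VARCHAR(100)` here while the Oracle, PostgreSQL and SQL Anywhere versions use 1024.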
@@ -33,6 +37,8 @@ import org.apache.ranger.entity.XXAccessTypeDef; import org.apache.ranger.entity.XXResourceDef; import org.apache.ranger.entity.XXService; import org.apache.ranger.entity.XXServiceDef; +import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.store.AbstractServiceStore; import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; import org.apache.ranger.service.RangerServiceService; import org.apache.ranger.util.CLIUtil; @@ -42,7 +48,7 @@ import org.springframework.stereotype.Component; @Component public class PatchForAtlasServiceDefUpdate_J10013 extends BaseLoader { private static final Logger LOG = Logger.getLogger(PatchForAtlasServiceDefUpdate_J10013.class); - + private static final int MAX_ACCESS_TYPES_IN_SERVICE_DEF = 1000; @Autowired RangerDaoManager daoMgr; @@ -52,6 +58,9 @@ public class PatchForAtlasServiceDefUpdate_J10013 extends BaseLoader { @Autowired RangerServiceService svcService; + @Autowired + RangerValidatorFactory validatorFactory; + public static void main(String[] args) { LOG.info("main()"); try { @@ -79,6 +88,7 @@ public class PatchForAtlasServiceDefUpdate_J10013 extends BaseLoader { updateAtlasServiceDef(); } catch (Exception e) { LOG.error("Error whille updateAtlasServiceDef()data.", e); + System.exit(1); } LOG.info("<== PatchForAtlasServiceDefUpdate.execLoad()"); } @@ -88,7 +98,7 @@ public class PatchForAtlasServiceDefUpdate_J10013 extends BaseLoader { LOG.info("PatchForAtlasServiceDefUpdate data "); } - private void updateAtlasServiceDef(){ + private void updateAtlasServiceDef() throws Exception{ String serviceDefName=EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME; XXServiceDefDao serviceDefDao = daoMgr.getXXServiceDef(); XXServiceDef serviceDef = serviceDefDao.findByName(serviceDefName); 
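Review bot: The `@Autowired RangerValidatorFactory validatorFactory;` field added in the `@@ -52,6 +58,9 @@` hunk is not referenced by any line this commit adds, and neither is its import. An injected but unused bean still has to resolve when the patch's Spring context starts, so it adds a dependency that can fail the patch for no benefit. I would drop the field and the `org.apache.ranger.common.RangerValidatorFactory` import unless a later change needs them.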
@@ -111,6 +121,28 @@ public class PatchForAtlasServiceDefUpdate_J10013 extends BaseLoader { } String serviceDefNewName = serviceDefName + suffix; LOG.info("Renaming service-def " + serviceDefName + " as " + serviceDefNewName); + RangerServiceDef dbAtlasServiceDef = svcDBStore.getServiceDefByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_ATLAS_NAME); + if (EmbeddedServiceDefsUtil.instance().getTagServiceDefId() != -1) { + RangerServiceDef dbTagServiceDef; + try { + dbTagServiceDef = svcDBStore.getServiceDef(EmbeddedServiceDefsUtil.instance().getTagServiceDefId()); + if(dbTagServiceDef!=null) { + String prefix = serviceDefName + AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR; + String newPrefix = serviceDefNewName + AbstractServiceStore.COMPONENT_ACCESSTYPE_SEPARATOR; + + List<RangerServiceDef.RangerAccessTypeDef> svcDefAccessTypes = dbAtlasServiceDef.getAccessTypes(); + List<RangerServiceDef.RangerAccessTypeDef> tagDefAccessTypes = dbTagServiceDef.getAccessTypes(); + long itemIdOffset = serviceDef.getId() * (MAX_ACCESS_TYPES_IN_SERVICE_DEF + 1); + + boolean updateNeeded = updateTagAccessTypeDefs(svcDefAccessTypes, tagDefAccessTypes, itemIdOffset, prefix,newPrefix); + if(updateNeeded) { + svcDBStore.updateServiceDef(dbTagServiceDef); + } + } + } catch (Exception e) { + LOG.error("updateAtlasServiceDef:" + serviceDef.getName() + "): could not find TAG ServiceDef.. ", e); + } + } serviceDef.setName(serviceDefNewName); serviceDefDao.update(serviceDef); LOG.info("Renamed service-def " + serviceDefName + " as " + serviceDefNewName); 
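Review bot: The `catch (Exception e)` around the tag service-def update logs "could not find TAG ServiceDef" for every failure and then falls through to `serviceDef.setName(serviceDefNewName)`, so the Atlas service-def is renamed even when the tag access types were not. That leaves the two definitions inconsistent while the patch still completes as successful, which works against the `System.exit(1)` this commit adds in `execLoad()` and the new `throws Exception` on this method. Rethrowing after the log line (`throw e;`), or removing the try/catch, would let the failure stop the patch. `dbAtlasServiceDef` is also dereferenced via `getAccessTypes()` without a null check, and a null there would be reported under the same misleading message. The body of `updateAtlasServiceDef()` begins and ends outside this hunk.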
@@ -162,4 +194,71 @@ public class PatchForAtlasServiceDefUpdate_J10013 extends BaseLoader { } return result; } + + private boolean updateTagAccessTypeDefs(List<RangerServiceDef.RangerAccessTypeDef> svcDefAccessTypes, + List<RangerServiceDef.RangerAccessTypeDef> tagDefAccessTypes, long itemIdOffset, String prefix,String newPrefix) { + List<RangerServiceDef.RangerAccessTypeDef> toUpdate = new ArrayList<>(); + for (RangerServiceDef.RangerAccessTypeDef tagAccessType : tagDefAccessTypes) { + if (tagAccessType.getName().startsWith(prefix)) { + long svcAccessTypeItemId = tagAccessType.getItemId() - itemIdOffset; + RangerServiceDef.RangerAccessTypeDef svcAccessType = findAccessTypeDef(svcAccessTypeItemId,svcDefAccessTypes); + if (svcAccessType != null) { + if (updateTagAccessTypeDef(tagAccessType, svcAccessType, newPrefix)) { + toUpdate.add(tagAccessType); + } + } + } + } + boolean updateNeeded = false; + if (CollectionUtils.isNotEmpty(toUpdate)) { + updateNeeded = true; + } + return updateNeeded; + } + + private RangerServiceDef.RangerAccessTypeDef findAccessTypeDef(long itemId, List<RangerServiceDef.RangerAccessTypeDef> accessTypeDefs) { + RangerServiceDef.RangerAccessTypeDef ret = null; + for (RangerServiceDef.RangerAccessTypeDef accessTypeDef : accessTypeDefs) { + if (itemId == accessTypeDef.getItemId()) { + ret = accessTypeDef; + break; + } + } + return ret; + } + + private boolean updateTagAccessTypeDef(RangerServiceDef.RangerAccessTypeDef tagAccessType, RangerServiceDef.RangerAccessTypeDef svcAccessType, String newPrefix) { + boolean isUpdated = false; + if (!Objects.equals(tagAccessType.getName().substring(newPrefix.length()), svcAccessType.getName())) { + isUpdated = true; + } else { + Collection<String> tagImpliedGrants = tagAccessType.getImpliedGrants(); + Collection<String> svcImpliedGrants = svcAccessType.getImpliedGrants(); + int tagImpliedGrantsLen = tagImpliedGrants == null ? 
0 : tagImpliedGrants.size(); + int svcImpliedGrantsLen = svcImpliedGrants == null ? 0 : svcImpliedGrants.size(); + if (tagImpliedGrantsLen != svcImpliedGrantsLen) { + isUpdated = true; + } else if (tagImpliedGrantsLen > 0) { + for (String svcImpliedGrant : svcImpliedGrants) { + if (!tagImpliedGrants.contains(newPrefix + svcImpliedGrant)) { + isUpdated = true; + break; + } + } + } + } + if (isUpdated) { + tagAccessType.setName(newPrefix + svcAccessType.getName()); + tagAccessType.setLabel(svcAccessType.getLabel()); + tagAccessType.setRbKeyLabel(svcAccessType.getRbKeyLabel()); + tagAccessType.setImpliedGrants(new HashSet<String>()); + if (CollectionUtils.isNotEmpty(svcAccessType.getImpliedGrants())) { + for (String svcImpliedGrant : svcAccessType.getImpliedGrants()) { + tagAccessType.getImpliedGrants().add(newPrefix + svcImpliedGrant); + } + } + } + return isUpdated; + } + } \ No newline at end of file
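Review bot: In `updateTagAccessTypeDef`, `tagAccessType.getName().substring(newPrefix.length())` slices a name that still carries the old prefix, since the caller only passes entries for which `getName().startsWith(prefix)` holds. Because `newPrefix` is built from the longer renamed service-def name, the slice cuts into the access type name itself, and it throws `StringIndexOutOfBoundsException` when the name is shorter than `newPrefix`, which the caller's catch block then logs as a missing tag service-def. Comparing full names avoids the slicing: `if (!Objects.equals(tagAccessType.getName(), newPrefix + svcAccessType.getName())) {`. In `updateTagAccessTypeDefs`, the `toUpdate` list is only tested for emptiness, so a boolean flag set inside the loop would express the same thing more directly.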