This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 000e635 RANGER-3439: Add rest api to get or delete ranger policy based on guid
000e635 is described below
commit 000e6351ee4628979a20e2b72ac6f226e6dd1c0e
Author: pradeep <prad...@apache.org>
AuthorDate: Mon Nov 22 11:51:16 2021 +0530
RANGER-3439: Add rest api to get or delete ranger policy based on guid
---
 .../java/org/apache/ranger/biz/ServiceDBStore.java | 4 ++--
 .../java/org/apache/ranger/db/XXPolicyDao.java | 22 +++++++++++++----
 .../java/org/apache/ranger/rest/PublicAPIsv2.java | 12 ++++++----
 .../java/org/apache/ranger/rest/ServiceREST.java | 28 ++++++++++++----------
 .../main/resources/META-INF/jpa_named_queries.xml | 8 +++++--
 5 files changed, 50 insertions(+), 24 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 0f0291d..85adda5 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -2303,10 +2303,10 @@ public class ServiceDBStore extends AbstractServiceStore {
 return policyService.read(id);
 }
- public RangerPolicy getPolicy(String guid, String serviceName) throws Exception {
+ public RangerPolicy getPolicy(String guid, String serviceName, String zoneName) throws Exception {
 RangerPolicy ret = null;
 if (StringUtils.isNotBlank(guid) && StringUtils.isNotBlank(serviceName)) {
- XXPolicy xPolicy = daoMgr.getXXPolicy().findByPolicyGUIDAndServiceName(guid, serviceName);
+ XXPolicy xPolicy = daoMgr.getXXPolicy().findPolicyByGUIDAndServiceNameAndZoneName(guid, serviceName, zoneName);
 if (xPolicy != null) {
 ret = policyService.getPopulatedViewObject(xPolicy);
 }
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
index b068a06..4677c37 100644
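Review bot: The new `zoneName` parameter of `getPolicy` has no documentation, and the guard inside the method checks only `guid` and `serviceName`, so the meaning of a null or blank zone cannot be read from this method. Going by the XXPolicyDao change in the same commit, a blank `zoneName` selects the unzoned policy; a Javadoc such as `/** Looks up a policy by GUID within a service; a null or blank zoneName selects the unzoned policy. */` would state that contract. The three-argument signature replaces the two-argument one rather than overloading it, so any caller outside this diff would need updating. The method body continues past the end of the hunk.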
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java
@@ -285,16 +285,30 @@ public class XXPolicyDao extends BaseDao<XXPolicy> {
 return ret;
 }
- public XXPolicy findByPolicyGUIDAndServiceName(String guid, String serviceName) {
- if (guid == null || serviceName == null) {
+ public XXPolicy findPolicyByGUIDAndServiceNameAndZoneName(String guid, String serviceName, String zoneName) {
+ if (guid == null || serviceName == null) {
 return null;
 }
+
 try {
- XXPolicy xPol = getEntityManager().createNamedQuery("XXPolicy.findByGUIDAndServiceName", tClass).setParameter("guid", guid).setParameter("serviceName", serviceName).getSingleResult();
- return xPol;
+ if (zoneName == null || zoneName.trim().isEmpty()) {
+ return getEntityManager().createNamedQuery("XXPolicy.findPolicyByPolicyGUIDAndServiceName", tClass)
+ .setParameter("guid", guid)
+ .setParameter("serviceName", serviceName)
+ .setParameter("zoneId", RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID)
+ .getSingleResult();
+ } else {
+ return getEntityManager()
+ .createNamedQuery("XXPolicy.findPolicyByPolicyGUIDAndServiceNameAndZoneName", tClass)
+ .setParameter("guid", guid)
+ .setParameter("serviceName", serviceName)
+ .setParameter("zoneName", zoneName)
+ .getSingleResult();
+ }
 } catch (NoResultException e) {
 return null;
 }
+
 }
 public List<XXPolicy> findByPolicyStatus(Boolean isPolicyEnabled) {
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
index 6ab3d52..204cadb 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
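Review bot: Both branches end in `getSingleResult()` but only `NoResultException` is caught, so if more than one row ever matches (uniqueness of GUID per service and zone, and of zone names, is not visible in this diff) a `NonUniqueResultException` escapes to the REST layer, whose `catch (Throwable)` appears to return `excp.getMessage()` to the client. Either handle it explicitly, e.g. `} catch (NoResultException | NonUniqueResultException e) { return null; }` with a log line for the second case, or add a comment naming the constraint that rules it out. The blank test uses `zoneName.trim()` while the query receives the untrimmed value, so a zone name with surrounding whitespace would not match; `.setParameter("zoneName", zoneName.trim())` keeps the two consistent.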
@@ -413,8 +413,10 @@ public class PublicAPIsv2 {
 @GET
 @Path("/api/policy/guid/{guid}")
 @Produces({ "application/json", "application/xml" })
- public RangerPolicy getPolicyByGUIDAndServiceName(@PathParam("guid") String guid, @DefaultValue("") @QueryParam("serviceName") String serviceName) {
- return serviceREST.getPolicyByGUIDAndServiceName(guid, serviceName);
+ public RangerPolicy getPolicyByGUIDAndServiceNameAndZoneName(@PathParam("guid") String guid,
+ @DefaultValue("") @QueryParam("serviceName") String serviceName,
+ @DefaultValue("") @QueryParam("ZoneName") String zoneName) {
+ return serviceREST.getPolicyByGUIDAndServiceNameAndZoneName(guid, serviceName, zoneName);
 }
 @POST
@@ -516,8 +518,10 @@ public class PublicAPIsv2 {
 @DELETE
 @Path("/api/policy/guid/{guid}")
 @Produces({ "application/json", "application/xml" })
- public void deletePolicyByGUIDAndServiceName(@PathParam("guid") String guid, @DefaultValue("") @QueryParam("serviceName") String serviceName) {
- serviceREST.deletePolicyByGUIDAndServiceName(guid, serviceName);
+ public void deletePolicyByGUIDAndServiceNameAndZoneName(@PathParam("guid") String guid,
+ @DefaultValue("") @QueryParam("serviceName") String serviceName,
+ @DefaultValue("") @QueryParam("zoneName") String zoneName) {
+ serviceREST.deletePolicyByGUIDAndServiceNameAndZoneName(guid, serviceName, zoneName);
 }
 @GET
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 3ba2965..2f5fda2 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
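Review bot: The GET method in the first hunk binds the zone with `@QueryParam("ZoneName")` (capital Z), while the DELETE method in the second hunk and both ServiceREST methods use `zoneName`. JAX-RS matches query parameter names case-sensitively, so a client sending `?zoneName=...` to this GET receives the default `""`, and the lookup then silently resolves the unzoned policy instead of the requested zone. The line should read `@DefaultValue("") @QueryParam("zoneName") String zoneName) {`.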
@@ -3762,24 +3762,26 @@ public class ServiceREST {
 @GET
 @Path("/policies/guid/{guid}")
 @Produces({ "application/json", "application/xml" })
- public RangerPolicy getPolicyByGUIDAndServiceName(@PathParam("guid") String guid, @DefaultValue("") @QueryParam("serviceName") String serviceName) {
+ public RangerPolicy getPolicyByGUIDAndServiceNameAndZoneName(@PathParam("guid") String guid,
+ @DefaultValue("") @QueryParam("serviceName") String serviceName,
+ @DefaultValue("") @QueryParam("zoneName") String zoneName) {
 if (LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceREST.getPolicyByGUIDAndServiceName(" + guid + ", " + serviceName + ")");
+ LOG.debug("==> ServiceREST.getPolicyByGUIDAndServiceNameAndZoneName(" + guid + ", " + serviceName + ", " + zoneName + ")");
 }
 RangerPolicy ret = null;
 RangerPerfTracer perf = null;
 try {
 if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
- perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicyByGUIDAndServiceName(policyGUID=" + guid + ", serviceName="+ serviceName + ")");
+ perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicyByGUIDAndServiceNameAndZoneName(policyGUID=" + guid + ", serviceName="+ serviceName + ", zoneName="+ zoneName + ")");
 }
- ret = svcStore.getPolicy(guid, serviceName);
+ ret = svcStore.getPolicy(guid, serviceName, zoneName);
 if (ret != null) {
 ensureAdminAndAuditAccess(ret);
 }
 } catch (WebApplicationException excp) {
 throw excp;
 } catch (Throwable excp) {
- LOG.error("getPolicyByGUIDAndServiceName(" + guid + "," + serviceName + ") failed", excp);
+ LOG.error("getPolicyByGUIDAndServiceNameAndZoneName(" + guid + "," + serviceName + ", " + zoneName + ") failed", excp);
 throw restErrorUtil.createRESTException(excp.getMessage());
 } finally {
 RangerPerfTracer.log(perf);
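Review bot: `zoneName` comes straight from the query string and is concatenated unmodified into the `LOG.debug`, perf-tracer and `LOG.error` strings, alongside `guid` and `serviceName`. The `LOG.error` call has no level guard, so any failing request writes caller-controlled text into the log. Unless the configured log layout already escapes control characters, the values should have CR/LF neutralised before logging, or be validated at the top of the method. The same pattern is repeated in the delete hunk further down; the method continues beyond this hunk.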
@@ -3788,7 +3790,7 @@ public class ServiceREST {
 throw restErrorUtil.createRESTException(HttpServletResponse.SC_NOT_FOUND, "Not found", true);
 }
 if (LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceREST.getPolicyByGUIDAndServiceName(" + guid + ", " + serviceName + "): " + ret);
+ LOG.debug("<== ServiceREST.getPolicyByGUIDAndServiceNameAndZoneName(" + guid + ", " + serviceName + ", " + zoneName +"): " + ret);
 }
 return ret;
 }
@@ -3796,30 +3798,32 @@ public class ServiceREST {
 @DELETE
 @Path("/policies/guid/{guid}")
 @Produces({ "application/json", "application/xml" })
- public void deletePolicyByGUIDAndServiceName(@PathParam("guid") String guid, @DefaultValue("") @QueryParam("serviceName") String serviceName) {
+ public void deletePolicyByGUIDAndServiceNameAndZoneName(@PathParam("guid") String guid,
+ @DefaultValue("") @QueryParam("serviceName") String serviceName,
+ @DefaultValue("") @QueryParam("zoneName") String zoneName) {
 if (LOG.isDebugEnabled()) {
- LOG.debug("==> ServiceREST.deletePolicyByGUIDAndServiceName(" + guid + ", " + serviceName + ")");
+ LOG.debug("==> ServiceREST.deletePolicyByGUIDAndServiceNameAndZoneName(" + guid + ", " + serviceName + ", " + zoneName +")");
 }
 RangerPolicy ret = null;
 RangerPerfTracer perf = null;
 try {
 if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
- perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deletePolicyByGUIDAndServiceName(policyGUID=" + guid + ", serviceName="+ serviceName + ")");
+ perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deletePolicyByGUIDAndServiceNameAndZoneName(policyGUID=" + guid + ", serviceName="+ serviceName + ", zoneName="+ zoneName +")");
 }
- ret = getPolicyByGUIDAndServiceName(guid, serviceName);
+ ret = getPolicyByGUIDAndServiceNameAndZoneName(guid, serviceName, zoneName);
 if (ret != null) {
 deletePolicy(ret.getId());
 }
 } catch (WebApplicationException excp) {
 throw excp;
 } catch (Throwable excp) {
- LOG.error("deletePolicyByGUIDAndServiceName(" + guid + "," + serviceName + ") failed", excp);
+ LOG.error("deletePolicyByGUIDAndServiceNameAndZoneName(" + guid + "," + serviceName + ", " + zoneName + ") failed", excp);
 throw restErrorUtil.createRESTException(excp.getMessage());
 } finally {
 RangerPerfTracer.log(perf);
 }
 if (LOG.isDebugEnabled()) {
- LOG.debug("<== ServiceREST.deletePolicyByGUIDAndServiceName(" + guid + ", " + serviceName + ")");
+ LOG.debug("<== 
ServiceREST.deletePolicyByGUIDAndServiceNameAndZoneName(" + guid + ", " + serviceName + ", " + zoneName +")");
 }
 }
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index 8225e30..539d600 100755
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -393,8 +393,12 @@
 <query>select obj from XXPolicy obj where obj.id in (select item.policyId from XXPolicyItem item) </query>
 </named-query>
- <named-query name="XXPolicy.findByGUIDAndServiceName">
- <query>select obj from XXPolicy obj, XXService svc where obj.guid = :guid and obj.service = svc.id and svc.name = :serviceName</query>
+ <named-query name="XXPolicy.findPolicyByPolicyGUIDAndServiceName">
+ <query>select obj from XXPolicy obj, XXService svc where obj.guid = :guid and obj.service = svc.id and svc.name = :serviceName and obj.zoneId = :zoneId</query>
+ </named-query>
+
+ <named-query name="XXPolicy.findPolicyByPolicyGUIDAndServiceNameAndZoneName">
+ <query>select obj from XXPolicy obj, XXService svc, XXSecurityZone zone where obj.guid = :guid and obj.service = svc.id and svc.name = :serviceName and obj.zoneId = zone.id and zone.name = :zoneName</query>
 </named-query>
 <!-- XXServiceDef -->
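Review bot: The delete path resolves its target through the GET handler, so the only authorization visible in these hunks is `ensureAdminAndAuditAccess(ret)`, the check used for reading. Whether the caller may delete rests entirely on `deletePolicy(ret.getId())`, whose body is outside this diff. Once that is confirmed, a comment above the call such as `// delete permission is enforced inside deletePolicy(id); the lookup above only checks read access` would record it. The GET handler appears to throw 404 rather than return null, which would make the `if (ret != null)` guard dead code. An omitted `zoneName` defaults to `""` and therefore targets the unzoned policy, which is worth stating in the API documentation for a destructive call.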
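Review bot: The query name `XXPolicy.findByGUIDAndServiceName` is removed rather than kept alongside the new ones, and named queries are looked up by string, so any remaining `createNamedQuery("XXPolicy.findByGUIDAndServiceName", ...)` outside this diff would fail only at run time. A repository-wide search for the old name is worth doing before merge. `XXPolicy.findPolicyByPolicyGUIDAndServiceName` now also requires `:zoneId`, which its name does not suggest; an XML comment such as `<!-- zoneId: pass the unzoned zone id to match policies outside any security zone -->` above it would make that explicit.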