This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch ranger-2.4 in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.4 by this push: new 382490b10 RANGER-3846: Ranger DB patch 058 failing when multiple policies having same resourceSignature 382490b10 is described below commit 382490b100531dd1d299cd82244ded66937f894a Author: pradeep <prad...@apache.org> AuthorDate: Mon Aug 1 14:50:07 2022 +0530 RANGER-3846: Ranger DB patch 058 failing when multiple policies having same resourceSignature --- .../apache/ranger/biz/RangerPolicyRetriever.java | 2 +- .../java/org/apache/ranger/db/XXPolicyDao.java | 32 ++++++++++++++ .../java/org/apache/ranger/db/XXPortalUserDao.java | 21 +++++++++ ...ForUpdateToUniqueResoureceSignature_J10053.java | 50 ++++++++++++++++++++++ .../main/resources/META-INF/jpa_named_queries.xml | 12 ++++++ 5 files changed, 116 insertions(+), 1 deletion(-) diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java index 238fecd48..e94c37f7b 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java @@ -343,7 +343,7 @@ public class RangerPolicyRetriever { ret = userScreenNames.get(userId); if(ret == null) { - XXPortalUser user = daoMgr.getXXPortalUser().getById(userId); + XXPortalUser user = daoMgr.getXXPortalUser().findById(userId); if(user != null) { ret = user.getPublicScreenName(); diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java index 54191d828..f329c0eff 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java @@ -18,7 +18,9 @@ package org.apache.ranger.db; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; +import java.util.Map; import javax.persistence.NoResultException; @@ -354,4 +356,34 @@ public class XXPolicyDao extends BaseDao<XXPolicy> { } return ret; } + + public Map<String, Long> findDuplicatePoliciesByServiceAndResourceSignature() { + Map<String, Long> policies = new HashMap<String, Long>(); + try { + List<Object[]> rows = (List<Object[]>) getEntityManager().createNamedQuery("XXPolicy.findDuplicatePoliciesByServiceAndResourceSignature").getResultList(); + if (rows != null) { + for (Object[] row : rows) { + policies.put((String) row[0], (Long) row[1]); + } + } + } catch (NoResultException e) { + return null; + } catch (Exception ex) { + } + return policies; + } + + public List<XXPolicy> findByServiceIdAndResourceSignature(Long serviceId, String policySignature) { + if (policySignature == null || serviceId == null) { + return new ArrayList<XXPolicy>(); + } + try { + return getEntityManager().createNamedQuery("XXPolicy.findByServiceIdAndResourceSignature", tClass) + .setParameter("serviceId", serviceId) + .setParameter("resSignature", policySignature) + .getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicy>(); + } + } } \ No newline at end of file diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java index 8d15a324e..1787eeae6 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java @@ -128,4 +128,25 @@ public class XXPortalUserDao extends BaseDao<XXPortalUser> { return null; } } + + public XXPortalUser findById(Long id) { + XXPortalUser xXPortalUser = null; + if (id == null) { + return xXPortalUser; + } + try { + xXPortalUser = new XXPortalUser(); + Object[] row = (Object[]) getEntityManager().createNamedQuery("XXPortalUser.findById").setParameter("id", id).getSingleResult(); + if (row != null) { + xXPortalUser.setFirstName((String) row[0]); + xXPortalUser.setLastName((String) row[1]); + xXPortalUser.setPublicScreenName((String) row[2]); + xXPortalUser.setLoginId((String) row[3]); + return xXPortalUser; + } + } catch (NoResultException e) { + return null; + } + return xXPortalUser; + } } diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053.java index b6a20ab4b..8665a24f8 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053.java @@ -17,7 +17,9 @@ package org.apache.ranger.patch; +import java.util.Iterator; import java.util.List; +import java.util.Map; import org.apache.commons.collections.CollectionUtils; import org.apache.log4j.Logger; @@ -25,7 +27,9 @@ import org.apache.ranger.authorization.utils.JsonUtils; import org.apache.ranger.biz.ServiceDBStore; import org.apache.ranger.common.RangerFactory; import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.db.XXPolicyLabelMapDao; import org.apache.ranger.entity.XXPolicy; +import org.apache.ranger.entity.XXPolicyLabelMap; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerPolicyResourceSignature; import org.apache.ranger.util.CLIUtil; @@ -88,6 +92,7 @@ public class PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053 extends try { updateDisabledPolicyResourceSignature(); + removeDuplicateResourceSignaturesPolicies(); } catch (Exception e) { logger.error("Error while PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053()", e); System.exit(1); @@ -127,4 +132,49 @@ public class PatchPreSql_058_ForUpdateToUniqueResoureceSignature_J10053 extends } } + private void removeDuplicateResourceSignaturesPolicies() throws Exception { + logger.info("==> removeDuplicateResourceSignaturesPolicies() "); + Map<String, Long> duplicateEntries = daoMgr.getXXPolicy().findDuplicatePoliciesByServiceAndResourceSignature(); + if (duplicateEntries != null && duplicateEntries.size() > 0) { + logger.info("Total number of possible duplicate policies:" + duplicateEntries.size()); + for (Map.Entry<String, Long> entry : duplicateEntries.entrySet()) { + logger.info("Duplicate policy Entry - {ResourceSignature:" + entry.getKey() + ", ServiceId:" + entry.getValue() + "}"); + List<XXPolicy> xxPolicyList = daoMgr.getXXPolicy().findByServiceIdAndResourceSignature(entry.getValue(), entry.getKey()); + if (CollectionUtils.isNotEmpty(xxPolicyList) && xxPolicyList.size() > 1) { + Iterator<XXPolicy> duplicatePolicies = xxPolicyList.iterator(); + duplicatePolicies.next(); + while (duplicatePolicies.hasNext()) { + XXPolicy xxPolicy = duplicatePolicies.next(); + if (xxPolicy != null) { + logger.info("Attempting to Remove duplicate policy:{" + xxPolicy.getId() + ":" + xxPolicy.getName() + "}"); + if (cleanupRefTables(xxPolicy.getId())) { + daoMgr.getXXPolicy().remove(xxPolicy.getId()); + } + } + } + } + } + } else { + logger.info("no duplicate Policy found"); + } + } + + private Boolean cleanupRefTables(Long policyId) { + if (policyId == null) { + return false; + } + daoMgr.getXXPolicyRefResource().deleteByPolicyId(policyId); + daoMgr.getXXPolicyRefRole().deleteByPolicyId(policyId); + daoMgr.getXXPolicyRefGroup().deleteByPolicyId(policyId); + daoMgr.getXXPolicyRefUser().deleteByPolicyId(policyId); + daoMgr.getXXPolicyRefAccessType().deleteByPolicyId(policyId); + daoMgr.getXXPolicyRefCondition().deleteByPolicyId(policyId); + daoMgr.getXXPolicyRefDataMaskType().deleteByPolicyId(policyId); + XXPolicyLabelMapDao policyLabelMapDao = daoMgr.getXXPolicyLabelMap(); + List<XXPolicyLabelMap> xxPolicyLabelMaps = policyLabelMapDao.findByPolicyId(policyId); + for (XXPolicyLabelMap xxPolicyLabelMap : xxPolicyLabelMaps) { + policyLabelMapDao.remove(xxPolicyLabelMap); + } + return true; + } } diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml index 7e69cc4a3..e4a2354b0 100755 --- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml +++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml @@ -418,6 +418,14 @@ <query>select obj from XXPolicy obj, XXService svc, XXSecurityZone zone where obj.guid = :guid and obj.service = svc.id and svc.name = :serviceName and obj.zoneId = zone.id and zone.name = :zoneName</query> </named-query> + <named-query name="XXPolicy.findDuplicatePoliciesByServiceAndResourceSignature"> + <query>select obj.resourceSignature, obj.service from XXPolicy obj GROUP BY obj.resourceSignature, obj.service HAVING COUNT(obj.resourceSignature) > 1</query> + </named-query> + + <named-query name="XXPolicy.findByServiceIdAndResourceSignature"> + <query>select obj from XXPolicy obj where obj.service = :serviceId and obj.resourceSignature = :resSignature</query> + </named-query> + <!-- XXServiceDef --> <named-query name="XXServiceDef.findByName"> <query>select obj from XXServiceDef obj where obj.name = :name</query> @@ -1192,6 +1200,10 @@ <query>SELECT obj FROM XXPortalUser obj WHERE obj.userSource=:userSource and obj.status=:status</query> </named-query> + <named-query name="XXPortalUser.findById"> + <query>SELECT obj.firstName, obj.lastName, obj.publicScreenName, obj.loginId FROM XXPortalUser obj WHERE obj.id=:id</query> + </named-query> + <!-- VXModuleDef --> <named-query name="XXModuleDef.findByModuleId"> <query>SELECT obj FROM XXModuleDef obj