RANGER-4642: on security-zone delete/update, delete associated GDS objects
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java
index afbce78..0dad263 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/GdsStore.java
@@ -28,6 +28,7 @@
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.util.SearchFilter;
+import java.util.Collection;
import java.util.List;
/**
@@ -133,4 +134,8 @@
PList<RangerDatasetInProject> searchDatasetInProjects(SearchFilter filter) throws Exception;
void deleteAllGdsObjectsForService(Long serviceId) throws Exception;
+
+ void deleteAllGdsObjectsForSecurityZone(Long zoneId) throws Exception;
+
+ void deleteAllGdsObjectsForServicesInSecurityZone(Collection<String> serviceNames, Long zoneId) throws Exception;
}
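Review bot: The two methods added to GdsStore have no Javadoc, so the contract of a destructive cascade delete can only be learned by reading GdsDBStore. The implementation in this commit treats a null `zoneId` or an empty `serviceNames` as a no-op and skips service names that do not resolve to an id, and that belongs on the interface, e.g. `/** Deletes every data share of the given services that belongs to the zone; no-op when zoneId is null or serviceNames is empty; unknown service names are skipped. */`. It would also help to state whether callers are expected to have authorized the zone change already, since nothing in these signatures carries a caller identity.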
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
index 701165f..a696479 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java
@@ -1191,7 +1191,7 @@
}
@Override
- public void deleteAllGdsObjectsForService(Long serviceId) throws Exception {
+ public void deleteAllGdsObjectsForService(Long serviceId) {
LOG.debug("==> deleteAllGdsObjectsForService({})", serviceId);
List<XXGdsDataShare> dataShares = daoMgr.getXXGdsDataShare().findByServiceId(serviceId);
@@ -1200,21 +1200,70 @@
LOG.info("Deleting {} dataShares associated with service id={}", dataShares.size(), serviceId);
dataShares.forEach(dataShare -> {
- try {
- LOG.info("Deleting dataShare id={}, name={}", dataShare.getId(), dataShare.getName());
+ LOG.info("Deleting dataShare id={}, name={}", dataShare.getId(), dataShare.getName());
- deleteDataShare(dataShare.getId(), true);
- } catch (Exception excp) {
- LOG.error("failed to delete dataShare id={}, name={}", dataShare.getId(), dataShare.getName(), excp);
-
- throw excp;
- }
+ deleteDataShare(dataShare.getId(), true);
});
}
LOG.debug("<== deleteAllGdsObjectsForService({})", serviceId);
}
+ @Override
+ public void deleteAllGdsObjectsForSecurityZone(Long zoneId) {
+ LOG.debug("==> deleteAllGdsObjectsForSecurityZone({})", zoneId);
+
+ List<XXGdsDataShare> dataShares = daoMgr.getXXGdsDataShare().findByZoneId(zoneId);
+
+ if (CollectionUtils.isNotEmpty(dataShares)) {
+ LOG.info("Deleting {} dataShares associated with securityZone id={}", dataShares.size(), zoneId);
+
+ dataShares.forEach(dataShare -> {
+ LOG.info("Deleting dataShare id={}, name={}", dataShare.getId(), dataShare.getName());
+
+ deleteDataShare(dataShare.getId(), true);
+ });
+ }
+
+ LOG.debug("<== deleteAllGdsObjectsForSecurityZone({})", zoneId);
+ }
+
+ @Override
+ public void deleteAllGdsObjectsForServicesInSecurityZone(Collection<String> serviceNames, Long zoneId) {
+ LOG.debug("==> deleteAllGdsObjectsForServicesInSecurityZone({}, {})", serviceNames, zoneId);
+
+ if (zoneId != null && CollectionUtils.isNotEmpty(serviceNames)) {
+ XXServiceDao serviceDao = daoMgr.getXXService();
+ XXGdsDataShareDao dataShareDao = daoMgr.getXXGdsDataShare();
+
+ for (String serviceName : serviceNames) {
+ Long serviceId = serviceDao.findIdByName(serviceName);
+
+ if (serviceId == null) {
+ LOG.warn("deleteAllGdsObjectsForServicesInSecurityZone(): invalid service name={}. Ignored", serviceName);
+
+ continue;
+ }
+
+ List<XXGdsDataShare> dataShares = dataShareDao.findByServiceIdAndZoneId(serviceId, zoneId);
+
+ if (CollectionUtils.isEmpty(dataShares)) {
+ continue;
+ }
+
+ LOG.info("Deleting {} dataShares associated with service(name={}) in securityZone(id={})", dataShares.size(), serviceName, zoneId);
+
+ dataShares.forEach(dataShare -> {
+ LOG.info("Deleting dataShare id={}, name={}", dataShare.getId(), dataShare.getName());
+
+ deleteDataShare(dataShare.getId(), true);
+ });
+ }
+ }
+
+ LOG.debug("<== deleteAllGdsObjectsForServicesInSecurityZone({}, {})", serviceNames, zoneId);
+ }
+
public ServiceGdsInfo getGdsInfoIfUpdated(String serviceName, Long lastKnownVersion) throws Exception {
LOG.debug("==> GdsDBStore.getGdsInfoIfUpdated({}, {})", serviceName , lastKnownVersion);
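Review bot: The loop that logs and calls `deleteDataShare(dataShare.getId(), true)` now appears three times in this hunk (deleteAllGdsObjectsForService, deleteAllGdsObjectsForSecurityZone, deleteAllGdsObjectsForServicesInSecurityZone); a private helper would keep the three cascade paths from drifting apart. The helper is also the natural place to document the `true` argument, whose meaning is not visible in this hunk. If it is a force flag that skips a per-object permission check, authorization for these deletes rests entirely on the service or zone caller, and a comment should say so. deleteAllGdsObjectsForService starts above the hunk.

```java
// Deletes each data share in turn; used by the service and security-zone cascade paths.
// NOTE(review): document what the `true` argument to deleteDataShare() means here.
private void deleteDataShares(List<XXGdsDataShare> dataShares) {
    for (XXGdsDataShare dataShare : dataShares) {
        LOG.info("Deleting dataShare id={}, name={}", dataShare.getId(), dataShare.getName());

        deleteDataShare(dataShare.getId(), true);
    }
}

// in deleteAllGdsObjectsForSecurityZone(), after the "Deleting {} dataShares ..." log line:
deleteDataShares(dataShares);
// … unchanged: the other two methods call deleteDataShares(dataShares) the same way …
```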
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareDao.java
index 2845a1d..8acca8f 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareDao.java
@@ -75,7 +75,7 @@
if (serviceId != null) {
try {
ret = getEntityManager().createNamedQuery("XXGdsDataShare.findByServiceId", tClass)
- .setParameter("serviceId", serviceId).getResultList();
+ .setParameter("serviceId", serviceId).getResultList();
} catch (NoResultException e) {
LOG.debug("findByServiceId({}): ", serviceId, e);
}
@@ -84,16 +84,31 @@
return ret != null ? ret : Collections.emptyList();
}
+ public List<XXGdsDataShare> findByZoneId(Long zoneId) {
+ List<XXGdsDataShare> ret = null;
+
+ if (zoneId != null) {
+ try {
+ ret = getEntityManager().createNamedQuery("XXGdsDataShare.findByZoneId", tClass)
+ .setParameter("zoneId", zoneId).getResultList();
+ } catch (NoResultException e) {
+ LOG.debug("findByZoneId({}): ", zoneId, e);
+ }
+ }
+
+ return ret != null ? ret : Collections.emptyList();
+ }
+
public List<XXGdsDataShare> findByServiceIdAndZoneId(Long serviceId, Long zoneId) {
List<XXGdsDataShare> ret = null;
- if (serviceId != null) {
+ if (serviceId != null && zoneId != null) {
try {
ret = getEntityManager().createNamedQuery("XXGdsDataShare.findByServiceIdAndZoneId", tClass)
- .setParameter("serviceId", serviceId)
- .setParameter("zoneId", zoneId).getResultList();
+ .setParameter("serviceId", serviceId)
+ .setParameter("zoneId", zoneId).getResultList();
} catch (NoResultException e) {
- LOG.debug("findByServiceIdAndZoneId({}): ", serviceId, e);
+ LOG.debug("findByServiceIdAndZoneId({}, {}): ", serviceId, zoneId, e);
}
}
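Review bot: The `catch (NoResultException e)` in the new findByZoneId is dead code, as it is in the neighbouring finders. JPA's `getResultList()` returns an empty list when nothing matches, and NoResultException is raised only by `getSingleResult()`. Any real persistence failure still propagates to the cascade-delete callers, so the try/catch suggests handling that is not there. Under the null guard the body can be just `ret = getEntityManager().createNamedQuery("XXGdsDataShare.findByZoneId", tClass).setParameter("zoneId", zoneId).getResultList();`. findByServiceIdAndZoneId ends outside the hunk, and it now returns an empty list for a null `zoneId`, so it is worth confirming that no existing caller passes null on purpose.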
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index e7e0abb..f9fd494 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -54,7 +54,6 @@
import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
import org.apache.ranger.authorization.utils.StringUtil;
import org.apache.ranger.biz.AssetMgr;
-import org.apache.ranger.biz.GdsDBStore;
import org.apache.ranger.biz.PolicyRefUpdater;
import org.apache.ranger.biz.RangerPolicyAdmin;
import org.apache.ranger.biz.RangerBizUtil;
@@ -241,9 +240,6 @@
TagDBStore tagStore;
@Autowired
- GdsDBStore gdsStore;
-
- @Autowired
RangerTransactionSynchronizationAdapter rangerTransactionSynchronizationAdapter;
private RangerPolicyEngineOptions delegateAdminOptions;
@@ -4649,7 +4645,6 @@
}
tagStore.deleteAllTagObjectsForService(service.getName());
- gdsStore.deleteAllGdsObjectsForService(id);
deletedServiceName = service.getName();
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
index 940bd0b..25567c7 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerSecurityZoneServiceService.java
@@ -33,6 +33,7 @@
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.authorization.hadoop.config.RangerAdminConfig;
import org.apache.ranger.authorization.utils.StringUtil;
+import org.apache.ranger.biz.GdsDBStore;
import org.apache.ranger.biz.ServiceDBStore;
import org.apache.ranger.common.AppConstants;
import org.apache.ranger.common.view.VTrxLogAttr;
@@ -65,6 +66,9 @@
@Autowired
ServiceDBStore serviceDBStore;
+ @Autowired
+ GdsDBStore gdsStore;
+
boolean compressJsonData = false;
private static final Logger logger = LoggerFactory.getLogger(RangerSecurityZoneServiceService.class);
@@ -227,6 +231,8 @@
serviceDBStore.deleteZonePolicies(deletedTagServiceNames, ret.getId());
+ gdsStore.deleteAllGdsObjectsForServicesInSecurityZone(deletedServiceNames, ret.getId());
+
oldServiceNames.addAll(updatedServiceNames);
updateServiceInfos(oldServiceNames);
} catch (Exception exception) {
@@ -249,6 +255,7 @@
try {
serviceDBStore.deleteZonePolicies(allServiceNames, id);
+ gdsStore.deleteAllGdsObjectsForSecurityZone(id);
updateServiceInfos(allServiceNames);
} catch (Exception exception) {
logger.error("preDelete processing failed for security-zone:[" + viewObject + "]", exception);
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
index 74a3caa..3acbfd5 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerServiceService.java
@@ -26,6 +26,7 @@
import java.util.Map.Entry;
import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.biz.GdsDBStore;
import org.apache.ranger.biz.ServiceDBStore;
import org.apache.ranger.common.AppConstants;
import org.apache.ranger.common.JSONUtil;
@@ -54,6 +55,9 @@
@Autowired
JSONUtil jsonUtil;
+ @Autowired
+ GdsDBStore gdsStore;
+
private String hiddenPasswordString;
static HashMap<String, VTrxLogAttr> trxLogAttrs = new HashMap<String, VTrxLogAttr>();
@@ -357,6 +361,12 @@
XXService ret = super.preDelete(id);
if (ret != null) {
+ try {
+ gdsStore.deleteAllGdsObjectsForService(id);
+ } catch (Exception excp) {
+ LOG.error("Error deleting GDS objects for service(id={})", id, excp);
+ }
+
XXServiceVersionInfoDao serviceVersionInfoDao = daoMgr.getXXServiceVersionInfo();
XXServiceVersionInfo serviceVersionInfo = serviceVersionInfoDao.findByServiceId(id);
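Review bot: The new try/catch in preDelete logs a failure of `gdsStore.deleteAllGdsObjectsForService(id)` and then carries on, so a service can be deleted while its data shares remain in the store. The call removed from ServiceREST.java had no such wrapper in the lines shown, so this looks like a change from failing the delete to failing open. If data shares convey access to the service's resources, as the name suggests, the safer behaviour is to abort: keep the log line and add `throw excp;` after it, or drop the try/catch. If the delete runs inside the caller's transaction, swallowing the runtime exception may also leave that transaction marked rollback-only and surface later as a less specific error; this depends on configuration not shown here. preDelete starts and ends outside the hunk.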
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index ae6788b..52ecf8a 100755
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -2212,6 +2212,10 @@
<query>select obj from XXGdsDataShare obj where obj.serviceId = :serviceId</query>
</named-query>
+ <named-query name="XXGdsDataShare.findByZoneId">
+ <query>select obj from XXGdsDataShare obj where obj.zoneId = :zoneId</query>
+ </named-query>
+
<named-query name="XXGdsDataShare.findByServiceIdAndZoneId">
<query>select obj from XXGdsDataShare obj where obj.serviceId = :serviceId and obj.zoneId = :zoneId</query>
</named-query>