Google Git
Sign in
apache / ranger / 614114efdd0589084aa3ab31fe4c9a0d41dd3fa8 / . / security-admin / src / main / java / org / apache / ranger / biz / GdsDBStore.java
blob: a69647948f4d504987cdb18ad7b2f550233839ca [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.ranger.biz;
import org.apache.http.HttpStatus;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.ranger.common.*;
import org.apache.ranger.common.db.RangerTransactionSynchronizationAdapter;
import org.apache.ranger.db.*;
import org.apache.ranger.entity.*;
import org.apache.ranger.plugin.model.RangerGds.*;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.model.RangerPolicyDelta;
import org.apache.ranger.plugin.model.RangerPrincipal.PrincipalType;
import org.apache.ranger.plugin.store.AbstractGdsStore;
import org.apache.ranger.plugin.store.PList;
import org.apache.ranger.plugin.store.ServiceStore;
import org.apache.ranger.plugin.util.*;
import org.apache.ranger.service.*;
import org.apache.ranger.validation.RangerGdsValidationDBProvider;
import org.apache.ranger.validation.RangerGdsValidator;
import org.apache.ranger.view.RangerGdsVList.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import javax.annotation.PostConstruct;
import java.util.*;
import java.util.function.Function;
import java.util.stream.Collectors;
import static org.apache.ranger.db.XXGlobalStateDao.RANGER_GLOBAL_STATE_NAME_GDS;
import static org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_GDS_NAME;
@Component
public class GdsDBStore extends AbstractGdsStore {
private static final Logger LOG = LoggerFactory.getLogger(GdsDBStore.class);
public static final String RESOURCE_NAME_DATASET_ID = "dataset-id";
public static final String RESOURCE_NAME_PROJECT_ID = "project-id";
public static final String NOT_AUTHORIZED_FOR_DATASET_POLICIES = "User is not authorized to manage policies for this dataset";
public static final String NOT_AUTHORIZED_TO_VIEW_DATASET_POLICIES = "User is not authorized to view policies for this dataset";
public static final String NOT_AUTHORIZED_FOR_PROJECT_POLICIES = "User is not authorized to manage policies for this dataset";
public static final String NOT_AUTHORIZED_TO_VIEW_PROJECT_POLICIES = "User is not authorized to view policies for this dataset";
private static final Set<Integer> SHARE_STATUS_AGR = new HashSet<>(Arrays.asList(GdsShareStatus.ACTIVE.ordinal(), GdsShareStatus.GRANTED.ordinal(), GdsShareStatus.REQUESTED.ordinal()));
@Autowired
RangerGdsValidator validator;
@Autowired
RangerGdsValidationDBProvider validationDBProvider;
@Autowired
RangerDaoManager daoMgr;
@Autowired
RangerGdsDataShareService dataShareService;
@Autowired
RangerGdsSharedResourceService sharedResourceService;
@Autowired
RangerGdsDatasetService datasetService;
@Autowired
RangerGdsDataShareInDatasetService dataShareInDatasetService;
@Autowired
RangerGdsProjectService projectService;
@Autowired
RangerGdsDatasetInProjectService datasetInProjectService;
@Autowired
RangerTransactionSynchronizationAdapter transactionSynchronizationAdapter;
@Autowired
GUIDUtil guidUtil;
@Autowired
RangerBizUtil bizUtil;
@Autowired
ServiceStore svcStore;
@Autowired
RESTErrorUtil restErrorUtil;
@Autowired
ServiceGdsInfoCache serviceGdsInfoCache;
@Autowired
GdsPolicyAdminCache gdsPolicyAdminCache;
@PostConstruct
public void initStore() {
if (LOG.isDebugEnabled()) {
LOG.debug("==> GdsInMemoryStore.initStore()");
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== GdsInMemoryStore.initStore()");
}
}
@Override
public RangerDataset createDataset(RangerDataset dataset) {
LOG.debug("==> createDataset({})", dataset);
dataset.setName(StringUtils.trim(dataset.getName()));
validator.validateCreate(dataset);
if (StringUtils.isBlank(dataset.getGuid())) {
dataset.setGuid(guidUtil.genGUID());
}
if (dataset.getAcl() == null) {
dataset.setAcl(new RangerGdsObjectACL());
}
addCreatorAsAclAdmin(dataset.getAcl());
RangerDataset ret = datasetService.create(dataset);
datasetService.onObjectChange(ret, null, RangerServiceService.OPERATION_CREATE_CONTEXT);
updateGdsVersion();
LOG.debug("<== createDataset({}): ret={}", dataset, ret);
return ret;
}
@Override
public RangerDataset updateDataset(RangerDataset dataset) {
LOG.debug("==> updateDataset({})", dataset);
RangerDataset existing = null;
try {
existing = datasetService.read(dataset.getId());
} catch (Exception excp) {
// ignore
}
dataset.setName(StringUtils.trim(dataset.getName()));
validator.validateUpdate(dataset, existing);
copyExistingBaseFields(dataset, existing);
RangerDataset ret = datasetService.update(dataset);
datasetService.onObjectChange(ret, existing, RangerServiceService.OPERATION_UPDATE_CONTEXT);
updateGdsVersionForDataset(ret.getId());
LOG.debug("<== updateDataset({}): ret={}", dataset, ret);
return ret;
}
@Override
public void deleteDataset(Long datasetId, boolean forceDelete) throws Exception {
LOG.debug("==> deleteDataset({}, {})", datasetId, forceDelete);
RangerDataset existing = null;
try {
existing = datasetService.read(datasetId);
} catch (Exception excp) {
// ignore
}
validator.validateDelete(datasetId, existing);
if (existing != null) {
updateGdsVersionForDataset(existing.getId());
if (forceDelete) {
removeDSHIDForDataset(datasetId);
removeDIPForDataset(datasetId);
}
deleteDatasetPolicies(existing);
datasetService.delete(existing);
datasetService.onObjectChange(null, existing, RangerServiceService.OPERATION_DELETE_CONTEXT);
}
LOG.debug("<== deleteDataset({}, {})", datasetId, forceDelete);
}
@Override
public RangerDataset getDataset(Long datasetId) throws Exception {
LOG.debug("==> getDataset({})", datasetId);
RangerDataset ret = datasetService.read(datasetId);
if (ret != null && !validator.hasPermission(ret.getAcl(), GdsPermission.VIEW)) {
throw new Exception("no permission on dataset id=" + datasetId);
}
LOG.debug("<== getDataset({}): ret={}", datasetId, ret);
return ret;
}
@Override
public RangerDataset getDatasetByName(String name) throws Exception {
LOG.debug("==> getDatasetByName({})", name);
XXGdsDatasetDao datasetDao = daoMgr.getXXGdsDataset();
XXGdsDataset existing = datasetDao.findByName(name);
if (existing == null) {
throw new Exception("no dataset with name=" + name);
}
RangerDataset ret = datasetService.getPopulatedViewObject(existing);
if (ret != null && !validator.hasPermission(ret.getAcl(), GdsPermission.VIEW)) {
throw new Exception("no permission on dataset name=" + name);
}
LOG.debug("<== getDatasetByName({}): ret={}", name, ret);
return ret;
}
@Override
public PList<String> getDatasetNames(SearchFilter filter) {
LOG.debug("==> getDatasetNames({})", filter);
PList<RangerDataset> datasets = searchDatasets(filter);
PList<String> ret = new PList<>(new ArrayList<>(), datasets.getStartIndex(), datasets.getPageSize(), datasets.getTotalCount(), datasets.getResultSize(), datasets.getSortType(), datasets.getSortBy());
ret.setQueryTimeMS(datasets.getQueryTimeMS());
if (CollectionUtils.isNotEmpty(datasets.getList())) {
for (RangerDataset dataset : datasets.getList()) {
ret.getList().add(dataset.getName());
}
}
LOG.debug("<== getDatasetNames({}): ret={}", filter, ret);
return ret;
}
@Override
public PList<RangerDataset> searchDatasets(SearchFilter filter) {
LOG.debug("==> searchDatasets({})", filter);
if (filter.getParam(SearchFilter.CREATED_BY) != null) {
setUserId(filter, SearchFilter.CREATED_BY);
}
PList<RangerDataset> ret = getUnscrubbedDatasets(filter);
GdsPermission gdsPermission = getGdsPermissionFromFilter(filter);
for (RangerDataset dataset : ret.getList()) {
if (gdsPermission.equals(GdsPermission.LIST)) {
scrubDatasetForListing(dataset);
}
}
LOG.debug("<== searchDatasets({}): ret={}", filter, ret);
return ret;
}
@Override
public RangerPolicy addDatasetPolicy(Long datasetId, RangerPolicy policy) throws Exception {
LOG.debug("==> addDatasetPolicy({}, {})", datasetId, policy);
RangerDataset dataset = datasetService.read(datasetId);
if (!validator.hasPermission(dataset.getAcl(), GdsPermission.POLICY_ADMIN)) {
throw restErrorUtil.create403RESTException(NOT_AUTHORIZED_FOR_DATASET_POLICIES);
}
prepareDatasetPolicy(dataset, policy);
RangerPolicy ret = svcStore.createPolicy(policy);
daoMgr.getXXGdsDatasetPolicyMap().create(new XXGdsDatasetPolicyMap(datasetId, ret.getId()));
updateGdsVersionForDataset(datasetId);
LOG.debug("<== addDatasetPolicy({}, {}): ret={}", datasetId, policy, ret);
return ret;
}
@Override
public RangerPolicy updateDatasetPolicy(Long datasetId, RangerPolicy policy) throws Exception {
LOG.debug("==> updateDatasetPolicy({}, {})", datasetId, policy);
RangerDataset dataset = datasetService.read(datasetId);
if (!validator.hasPermission(dataset.getAcl(), GdsPermission.POLICY_ADMIN)) {
throw restErrorUtil.create403RESTException(NOT_AUTHORIZED_FOR_DATASET_POLICIES);
}
XXGdsDatasetPolicyMap existing = daoMgr.getXXGdsDatasetPolicyMap().getDatasetPolicyMap(datasetId, policy.getId());
if (existing == null) {
throw new Exception("no policy exists: datasetId=" + datasetId + ", policyId=" + policy.getId());
}
prepareDatasetPolicy(dataset, policy);
RangerPolicy ret = svcStore.updatePolicy(policy);
updateGdsVersionForDataset(datasetId);
LOG.debug("<== updateDatasetPolicy({}, {}): ret={}", datasetId, policy, ret);
return ret;
}
@Override
public void deleteDatasetPolicy(Long datasetId, Long policyId) throws Exception {
LOG.debug("==> deleteDatasetPolicy({}, {})", datasetId, policyId);
RangerDataset dataset = datasetService.read(datasetId);
if (!validator.hasPermission(dataset.getAcl(), GdsPermission.POLICY_ADMIN)) {
throw restErrorUtil.create403RESTException(NOT_AUTHORIZED_FOR_DATASET_POLICIES);
}
XXGdsDatasetPolicyMap existing = daoMgr.getXXGdsDatasetPolicyMap().getDatasetPolicyMap(datasetId, policyId);
if (existing == null) {
throw new Exception("no policy exists: datasetId=" + datasetId + ", policyId=" + policyId);
}
RangerPolicy policy = svcStore.getPolicy(policyId);
daoMgr.getXXGdsDatasetPolicyMap().remove(existing);
svcStore.deletePolicy(policy);
updateGdsVersionForDataset(datasetId);
LOG.debug("<== deleteDatasetPolicy({}, {})", datasetId, policyId);
}
@Override
public void deleteDatasetPolicies(Long datasetId) throws Exception {
LOG.debug("==> deleteDatasetPolicies({})", datasetId);
RangerDataset dataset = datasetService.read(datasetId);
deleteDatasetPolicies(dataset);
updateGdsVersionForDataset(datasetId);
LOG.debug("<== deleteDatasetPolicy({})", datasetId);
}
@Override
public RangerPolicy getDatasetPolicy(Long datasetId, Long policyId) throws Exception {
LOG.debug("==> getDatasetPolicy({}, {})", datasetId, policyId);
RangerDataset dataset = datasetService.read(datasetId);
if (!validator.hasPermission(dataset.getAcl(), GdsPermission.AUDIT)) {
throw restErrorUtil.create403RESTException(NOT_AUTHORIZED_TO_VIEW_DATASET_POLICIES);
}
XXGdsDatasetPolicyMap existing = daoMgr.getXXGdsDatasetPolicyMap().getDatasetPolicyMap(datasetId, policyId);
if (existing == null) {
throw new Exception("no policy exists: datasetId=" + datasetId + ", policyId=" + policyId);
}
RangerPolicy ret = svcStore.getPolicy(policyId);
LOG.debug("<== getDatasetPolicy({}, {}): ret={}", datasetId, policyId, ret);
return ret;
}
@Override
public List<RangerPolicy> getDatasetPolicies(Long datasetId) throws Exception {
LOG.debug("==> getDatasetPolicies({})", datasetId);
RangerDataset dataset = datasetService.read(datasetId);
if (!validator.hasPermission(dataset.getAcl(), GdsPermission.AUDIT)) {
throw restErrorUtil.create403RESTException(NOT_AUTHORIZED_TO_VIEW_DATASET_POLICIES);
}
List<RangerPolicy> ret = getPolicies(daoMgr.getXXGdsDatasetPolicyMap().getDatasetPolicyIds(datasetId));
LOG.debug("<== getDatasetPolicies({}): ret={}", datasetId, ret);
return ret;
}
@Override
public RangerProject createProject(RangerProject project) {
LOG.debug("==> createProject({})", project);
project.setName(StringUtils.trim(project.getName()));
validator.validateCreate(project);
if (StringUtils.isBlank(project.getGuid())) {
project.setGuid(guidUtil.genGUID());
}
if (project.getAcl() == null) {
project.setAcl(new RangerGdsObjectACL());
}
addCreatorAsAclAdmin(project.getAcl());
RangerProject ret = projectService.create(project);
projectService.onObjectChange(ret, null, RangerServiceService.OPERATION_CREATE_CONTEXT);
updateGdsVersion();
LOG.debug("<== createProject({}): ret={}", project, ret);
return ret;
}
@Override
public RangerProject updateProject(RangerProject project) {
LOG.debug("==> updateProject({})", project);
RangerProject existing = null;
try {
existing = projectService.read(project.getId());
} catch (Exception excp) {
// ignore
}
project.setName(StringUtils.trim(project.getName()));
validator.validateUpdate(project, existing);
copyExistingBaseFields(project, existing);
RangerProject ret = projectService.update(project);
projectService.onObjectChange(ret, existing, RangerServiceService.OPERATION_UPDATE_CONTEXT);
updateGdsVersionForProject(ret.getId());
LOG.debug("<== updateProject({}): ret={}", project, ret);
return ret;
}
@Override
public void deleteProject(Long projectId, boolean forceDelete) throws Exception {
LOG.debug("==> deleteProject({}, {})", projectId, forceDelete);
RangerProject existing = null;
try {
existing = projectService.read(projectId);
} catch(Exception excp) {
// ignore
}
validator.validateDelete(projectId, existing);
if (existing != null) {
updateGdsVersionForProject(existing.getId());
if (forceDelete) {
removeDIPForProject(existing.getId());
}
deleteProjectPolicies(existing);
projectService.delete(existing);
projectService.onObjectChange(null, existing, RangerServiceService.OPERATION_DELETE_CONTEXT);
}
LOG.debug("<== deleteProject({})", projectId);
}
@Override
public RangerProject getProject(Long projectId) throws Exception {
LOG.debug("==> getProject({})", projectId);
RangerProject ret = projectService.read(projectId);
if (ret != null && !validator.hasPermission(ret.getAcl(), GdsPermission.VIEW)) {
throw new Exception("no permission on project id=" + projectId);
}
LOG.debug("<== getProject({}): ret={}", projectId, ret);
return ret;
}
@Override
public RangerProject getProjectByName(String name) throws Exception {
LOG.debug("==> getProjectByName({})", name);
XXGdsProjectDao projectDao = daoMgr.getXXGdsProject();
XXGdsProject existing = projectDao.findByName(name);
if (existing == null) {
throw new Exception("no project with name=" + name);
}
RangerProject ret = projectService.getPopulatedViewObject(existing);
if (ret != null && !validator.hasPermission(ret.getAcl(), GdsPermission.VIEW)) {
throw new Exception("no permission on project name=" + name);
}
LOG.debug("<== getProjectByName({}): ret={}", name, ret);
return ret;
}
@Override
public PList<String> getProjectNames(SearchFilter filter) {
LOG.debug("==> getProjectNames({})", filter);
PList<RangerProject> projects = searchProjects(filter);
PList<String> ret = new PList<>(new ArrayList<>(), projects.getStartIndex(), projects.getPageSize(), projects.getTotalCount(), projects.getResultSize(), projects.getSortType(), projects.getSortBy());
ret.setQueryTimeMS(projects.getQueryTimeMS());
if (CollectionUtils.isNotEmpty(projects.getList())) {
for (RangerProject project : projects.getList()) {
ret.getList().add(project.getName());
}
}
LOG.debug("<== getProjectNames({}): ret={}", filter, ret);
return ret;
}
@Override
public PList<RangerProject> searchProjects(SearchFilter filter) {
LOG.debug("==> searchProjects({})", filter);
GdsPermission gdsPermission = getGdsPermissionFromFilter(filter);
PList<RangerProject> ret = getUnscrubbedProjects(filter);
for (RangerProject project : ret.getList()) {
if (gdsPermission.equals(GdsPermission.LIST)) {
scrubProjectForListing(project);
}
}
LOG.debug("<== searchProjects({}): ret={}", filter, ret);
return ret;
}
@Override
public RangerPolicy addProjectPolicy(Long projectId, RangerPolicy policy) throws Exception {
LOG.debug("==> addProjectPolicy({}, {})", projectId, policy);
RangerProject project = projectService.read(projectId);
if (!validator.hasPermission(project.getAcl(), GdsPermission.POLICY_ADMIN)) {
throw restErrorUtil.create403RESTException(NOT_AUTHORIZED_FOR_PROJECT_POLICIES);
}
prepareProjectPolicy(project, policy);
RangerPolicy ret = svcStore.createPolicy(policy);
daoMgr.getXXGdsProjectPolicyMap().create(new XXGdsProjectPolicyMap(projectId, ret.getId()));
updateGdsVersionForProject(project.getId());
LOG.debug("<== addProjectPolicy({}, {}): ret={}", projectId, policy, ret);
return ret;
}
@Override
public RangerPolicy updateProjectPolicy(Long projectId, RangerPolicy policy) throws Exception {
LOG.debug("==> updateProjectPolicy({}, {})", projectId, policy);
RangerProject project = projectService.read(projectId);
if (!validator.hasPermission(project.getAcl(), GdsPermission.POLICY_ADMIN)) {
throw restErrorUtil.create403RESTException(NOT_AUTHORIZED_FOR_PROJECT_POLICIES);
}
XXGdsProjectPolicyMap existing = daoMgr.getXXGdsProjectPolicyMap().getProjectPolicyMap(projectId, policy.getId());
if (existing == null) {
throw new Exception("no policy exists: projectId=" + projectId + ", policyId=" + policy.getId());
}
prepareProjectPolicy(project, policy);
RangerPolicy ret = svcStore.updatePolicy(policy);
updateGdsVersionForProject(project.getId());
LOG.debug("<== updateProjectPolicy({}, {}): ret={}", projectId, policy, ret);
return ret;
}
@Override
public void deleteProjectPolicy(Long projectId, Long policyId) throws Exception {
LOG.debug("==> deleteProjectPolicy({}, {})", projectId, policyId);
RangerProject project = projectService.read(projectId);
if (!validator.hasPermission(project.getAcl(), GdsPermission.POLICY_ADMIN)) {
throw restErrorUtil.create403RESTException(NOT_AUTHORIZED_FOR_DATASET_POLICIES);
}
XXGdsProjectPolicyMap existing = daoMgr.getXXGdsProjectPolicyMap().getProjectPolicyMap(projectId, policyId);
if (existing == null) {
throw new Exception("no policy exists: projectId=" + projectId + ", policyId=" + policyId);
}
RangerPolicy policy = svcStore.getPolicy(policyId);
daoMgr.getXXGdsProjectPolicyMap().remove(existing);
svcStore.deletePolicy(policy);
updateGdsVersionForProject(project.getId());
LOG.debug("<== deleteProjectPolicy({}, {})", projectId, policyId);
}
@Override
public void deleteProjectPolicies(Long projectId) throws Exception {
LOG.debug("==> deleteProjectPolicies({})", projectId);
RangerProject project = projectService.read(projectId);
deleteProjectPolicies(project);
updateGdsVersionForProject(project.getId());
LOG.debug("<== deleteProjectPolicy({})", projectId);
}
@Override
public RangerPolicy getProjectPolicy(Long projectId, Long policyId) throws Exception {
LOG.debug("==> getProjectPolicy({}, {})", projectId, policyId);
RangerProject project = projectService.read(projectId);
if (!validator.hasPermission(project.getAcl(), GdsPermission.AUDIT)) {
throw restErrorUtil.create403RESTException(NOT_AUTHORIZED_TO_VIEW_PROJECT_POLICIES);
}
XXGdsProjectPolicyMap existing = daoMgr.getXXGdsProjectPolicyMap().getProjectPolicyMap(projectId, policyId);
if (existing == null) {
throw new Exception("no policy exists: projectId=" + projectId + ", policyId=" + policyId);
}
RangerPolicy ret = svcStore.getPolicy(policyId);
LOG.debug("<== getProjectPolicy({}, {}): ret={}", projectId, policyId, ret);
return ret;
}
@Override
public List<RangerPolicy> getProjectPolicies(Long projectId) throws Exception {
LOG.debug("==> getProjectPolicies({})", projectId);
RangerProject project = projectService.read(projectId);
if (!validator.hasPermission(project.getAcl(), GdsPermission.AUDIT)) {
throw restErrorUtil.create403RESTException(NOT_AUTHORIZED_TO_VIEW_PROJECT_POLICIES);
}
List<RangerPolicy> ret = getPolicies(daoMgr.getXXGdsProjectPolicyMap().getProjectPolicyIds(projectId));
LOG.debug("<== getProjectPolicies({}): ret={}", projectId, ret);
return ret;
}
@Override
public RangerDataShare createDataShare(RangerDataShare dataShare) {
LOG.debug("==> createDataShare({})", dataShare);
dataShare.setName(StringUtils.trim(dataShare.getName()));
validator.validateCreate(dataShare);
if (StringUtils.isBlank(dataShare.getGuid())) {
dataShare.setGuid(guidUtil.genGUID());
}
if (dataShare.getAcl() == null) {
dataShare.setAcl(new RangerGdsObjectACL());
}
addCreatorAsAclAdmin(dataShare.getAcl());
RangerDataShare ret = dataShareService.create(dataShare);
dataShareService.onObjectChange(ret, null, RangerServiceService.OPERATION_CREATE_CONTEXT);
updateGdsVersion();
LOG.debug("<== createDataShare({}): ret={}", dataShare, ret);
return ret;
}
@Override
public RangerDataShare updateDataShare(RangerDataShare dataShare) {
LOG.debug("==> updateDataShare({})", dataShare);
RangerDataShare existing = null;
try {
existing = dataShareService.read(dataShare.getId());
} catch (Exception excp) {
// ignore
}
dataShare.setName(StringUtils.trim(dataShare.getName()));
validator.validateUpdate(dataShare, existing);
copyExistingBaseFields(dataShare, existing);
RangerDataShare ret = dataShareService.update(dataShare);
dataShareService.onObjectChange(ret, existing, RangerServiceService.OPERATION_UPDATE_CONTEXT);
updateGdsVersionForService(dataShare.getService());
LOG.debug("<== updateDataShare({}): ret={}", dataShare, ret);
return ret;
}
@Override
public void deleteDataShare(Long dataShareId, boolean forceDelete) {
LOG.debug("==> deleteDataShare(dataShareId: {}, forceDelete: {})", dataShareId, forceDelete);
RangerDataShare existing = null;
try {
existing = dataShareService.read(dataShareId);
} catch (Exception excp) {
// ignore
}
validator.validateDelete(dataShareId, existing);
if (existing != null) {
if (forceDelete) {
removeDshInDsForDataShare(dataShareId);
removeSharedResourcesForDataShare(dataShareId);
}
dataShareService.delete(existing);
dataShareService.onObjectChange(null, existing, RangerServiceService.OPERATION_DELETE_CONTEXT);
updateGdsVersionForService(existing.getService());
}
LOG.debug("<== deleteDataShare(dataShareId: {}, forceDelete: {})", dataShareId, forceDelete);
}
@Override
public RangerDataShare getDataShare(Long dataShareId) throws Exception {
LOG.debug("==> getDataShare({})", dataShareId);
RangerDataShare ret = dataShareService.read(dataShareId);
if (ret != null && !validator.hasPermission(ret.getAcl(), GdsPermission.VIEW)) {
throw new Exception("no permission on dataShare id=" + dataShareId);
}
LOG.debug("<== getDataShare({}): ret={}", dataShareId, ret);
return ret;
}
@Override
public PList<RangerDataShare> searchDataShares(SearchFilter filter) {
LOG.debug("==> searchDataShares({})", filter);
PList<RangerDataShare> ret = getUnscrubbedDataShares(filter);
List<RangerDataShare> dataShares = ret.getList();
GdsPermission gdsPermission = getGdsPermissionFromFilter(filter);
for (RangerDataShare dataShare : dataShares) {
if (gdsPermission.equals(GdsPermission.LIST)) {
scrubDataShareForListing(dataShare);
}
}
LOG.debug("<== searchDataShares({}): ret={}", filter, ret);
return ret;
}
@Override
public RangerSharedResource addSharedResource(RangerSharedResource resource) {
LOG.debug("==> addSharedResource({})", resource);
resource.setName(StringUtils.trim(resource.getName()));
validator.validateCreate(resource);
if (StringUtils.isBlank(resource.getGuid())) {
resource.setGuid(guidUtil.genGUID());
}
RangerSharedResource ret = sharedResourceService.create(resource);
sharedResourceService.onObjectChange(ret, null, RangerServiceService.OPERATION_CREATE_CONTEXT);
updateGdsVersionForDataShare(ret.getDataShareId());
LOG.debug("<== addSharedResource({}): ret={}", resource, ret);
return ret;
}
@Override
public RangerSharedResource updateSharedResource(RangerSharedResource resource) {
LOG.debug("==> updateSharedResource({})", resource);
RangerSharedResource existing = null;
try {
existing = sharedResourceService.read(resource.getId());
} catch (Exception excp) {
// ignore
}
resource.setName(StringUtils.trim(resource.getName()));
validator.validateUpdate(resource, existing);
copyExistingBaseFields(resource, existing);
RangerSharedResource ret = sharedResourceService.update(resource);
sharedResourceService.onObjectChange(ret, existing, RangerServiceService.OPERATION_UPDATE_CONTEXT);
updateGdsVersionForDataShare(ret.getDataShareId());
LOG.debug("<== updateSharedResource({}): ret={}", resource, ret);
return ret;
}
@Override
public void removeSharedResource(Long sharedResourceId) {
LOG.debug("==> removeSharedResource({})", sharedResourceId);
RangerSharedResource existing = null;
try {
existing = sharedResourceService.read(sharedResourceId);
} catch (Exception excp) {
// ignore
}
validator.validateDelete(sharedResourceId, existing);
if (existing != null) {
sharedResourceService.delete(existing);
sharedResourceService.onObjectChange(null, existing, RangerServiceService.OPERATION_DELETE_CONTEXT);
updateGdsVersionForDataShare(existing.getDataShareId());
}
LOG.debug("<== removeSharedResource({})", sharedResourceId);
}
@Override
public RangerSharedResource getSharedResource(Long sharedResourceId) {
LOG.debug("==> getSharedResource({})", sharedResourceId);
RangerSharedResource ret = sharedResourceService.read(sharedResourceId);
// TODO: enforce RangerSharedResource.acl
LOG.debug("<== getSharedResource({}): ret={}", sharedResourceId, ret);
return ret;
}
@Override
public PList<RangerSharedResource> searchSharedResources(SearchFilter filter) {
LOG.debug("==> searchSharedResources({})", filter);
int maxRows = filter.getMaxRows();
int startIndex = filter.getStartIndex();
final String resourceContains = filter.getParam(SearchFilter.RESOURCE_CONTAINS);
filter.removeParam(SearchFilter.RESOURCE_CONTAINS);
if (StringUtils.isNotEmpty(resourceContains)) {
filter.setParam(SearchFilter.RETRIEVE_ALL_PAGES, "true");
}
RangerSharedResourceList result = sharedResourceService.searchSharedResources(filter);
List<RangerSharedResource> sharedResources = new ArrayList<>();
for (RangerSharedResource sharedResource : result.getList()) {
// TODO: enforce RangerSharedResource.acl
boolean includeResource = true;
if (StringUtils.isNotEmpty(resourceContains)) {
includeResource = false;
if (sharedResource.getResource() != null) {
final Collection<RangerPolicyResource> resources = sharedResource.getResource().values();
if (CollectionUtils.isNotEmpty(resources)) {
includeResource = resources.stream().filter(Objects::nonNull)
.map(RangerPolicyResource::getValues).filter(Objects::nonNull)
.anyMatch(res -> hasResource(res, resourceContains));
if (!includeResource && sharedResource.getSubResource() != null && CollectionUtils.isNotEmpty(sharedResource.getSubResource().getValues())) {
includeResource = sharedResource.getSubResource().getValues().stream().filter(Objects::nonNull)
.anyMatch(value -> value.contains(resourceContains));
}
}
}
}
if (includeResource) {
sharedResources.add(sharedResource);
}
}
PList<RangerSharedResource> ret = getPList(sharedResources, startIndex, maxRows, result.getSortBy(), result.getSortType());
LOG.debug("<== searchSharedResources({}): ret={}", filter, ret);
return ret;
}
public List<RangerDataShareInDataset> addDataSharesInDataset(List<RangerDataShareInDataset> dataSharesInDataset) throws Exception {
LOG.debug("==> addDataSharesInDataset({})", dataSharesInDataset);
List<RangerDataShareInDataset> ret = new ArrayList<>();
validate(dataSharesInDataset);
for (RangerDataShareInDataset dataShareInDataset : dataSharesInDataset) {
ret.add(createDataShareInDataset(dataShareInDataset));
}
LOG.debug("<== addDataSharesInDataset({}): ret={}", dataSharesInDataset, ret);
return ret;
}
@Override
public RangerDataShareInDataset addDataShareInDataset(RangerDataShareInDataset dataShareInDataset) throws Exception {
LOG.debug("==> addDataShareInDataset({})", dataShareInDataset);
validate(Collections.singletonList(dataShareInDataset));
RangerDataShareInDataset ret = createDataShareInDataset(dataShareInDataset);
LOG.debug("<== addDataShareInDataset({}): ret={}", dataShareInDataset, ret);
return ret;
}
@Override
public RangerDataShareInDataset updateDataShareInDataset(RangerDataShareInDataset dataShareInDataset) {
LOG.debug("==> updateDataShareInDataset({})", dataShareInDataset);
RangerDataShareInDataset existing = dataShareInDatasetService.read(dataShareInDataset.getId());
validator.validateUpdate(dataShareInDataset, existing);
copyExistingBaseFields(dataShareInDataset, existing);
dataShareInDataset.setApprover(validator.needApproverUpdate(existing.getStatus(), dataShareInDataset.getStatus()) ? bizUtil.getCurrentUserLoginId() : existing.getApprover());
RangerDataShareInDataset ret = dataShareInDatasetService.update(dataShareInDataset);
dataShareInDatasetService.onObjectChange(ret, existing, RangerServiceService.OPERATION_UPDATE_CONTEXT);
updateGdsVersionForDataset(dataShareInDataset.getDatasetId());
LOG.debug("<== updateDataShareInDataset({}): ret={}", dataShareInDataset, ret);
return ret;
}
@Override
public void removeDataShareInDataset(Long dataShareInDatasetId) {
LOG.debug("==> removeDataShareInDataset({})", dataShareInDatasetId);
RangerDataShareInDataset existing = dataShareInDatasetService.read(dataShareInDatasetId);
validator.validateDelete(dataShareInDatasetId, existing);
dataShareInDatasetService.delete(existing);
dataShareInDatasetService.onObjectChange(null, existing, RangerServiceService.OPERATION_DELETE_CONTEXT);
updateGdsVersionForDataset(existing.getDatasetId());
LOG.debug("<== removeDataShareInDataset({})", dataShareInDatasetId);
}
@Override
public RangerDataShareInDataset getDataShareInDataset(Long dataShareInDatasetId) {
LOG.debug("==> getDataShareInDataset({})", dataShareInDatasetId);
RangerDataShareInDataset ret = dataShareInDatasetService.read(dataShareInDatasetId);
LOG.debug("<== getDataShareInDataset({}): ret={}", dataShareInDatasetId, ret);
return ret;
}
@Override
public PList<RangerDataShareInDataset> searchDataShareInDatasets(SearchFilter filter) {
LOG.debug("==> searchDataShareInDatasets({})", filter);
int maxRows = filter.getMaxRows();
int startIndex = filter.getStartIndex();
List<RangerDataShareInDataset> dataShareInDatasets = new ArrayList<>();
RangerDataShareInDatasetList result = dataShareInDatasetService.searchDataShareInDatasets(filter);
for (RangerDataShareInDataset dataShareInDataset : result.getList()) {
// TODO: enforce RangerSharedResource.acl
dataShareInDatasets.add(dataShareInDataset);
}
PList<RangerDataShareInDataset> ret = getPList(dataShareInDatasets, startIndex, maxRows, result.getSortBy(), result.getSortType());
LOG.debug("<== searchDataShareInDatasets({}): ret={}", filter, ret);
return ret;
}
@Override
public RangerDatasetInProject addDatasetInProject(RangerDatasetInProject datasetInProject) throws Exception {
LOG.debug("==> addDatasetInProject({})", datasetInProject);
XXGdsDatasetInProjectDao datasetDao = daoMgr.getXXGdsDatasetInProject();
XXGdsDatasetInProject existing = datasetDao.findByDatasetIdAndProjectId(datasetInProject.getDatasetId(), datasetInProject.getProjectId());
if (existing != null) {
throw new Exception("dataset '" + datasetInProject.getDatasetId() + "' already shared with project " + datasetInProject.getProjectId() + " - id=" + existing.getId());
}
validator.validateCreate(datasetInProject);
if (StringUtils.isBlank(datasetInProject.getGuid())) {
datasetInProject.setGuid(guidUtil.genGUID());
}
RangerDatasetInProject ret = datasetInProjectService.create(datasetInProject);
datasetInProjectService.onObjectChange(ret, null, RangerServiceService.OPERATION_CREATE_CONTEXT);
updateGdsVersionForDataset(datasetInProject.getDatasetId());
LOG.debug("<== addDatasetInProject({}): ret={}", datasetInProject, ret);
return ret;
}
@Override
public RangerDatasetInProject updateDatasetInProject(RangerDatasetInProject datasetInProject) {
LOG.debug("==> updateDatasetInProject({})", datasetInProject);
RangerDatasetInProject existing = datasetInProjectService.read(datasetInProject.getId());
validator.validateUpdate(datasetInProject, existing);
copyExistingBaseFields(datasetInProject, existing);
datasetInProject.setApprover(validator.needApproverUpdate(existing.getStatus(), datasetInProject.getStatus()) ? bizUtil.getCurrentUserLoginId() : existing.getApprover());
RangerDatasetInProject ret = datasetInProjectService.update(datasetInProject);
datasetInProjectService.onObjectChange(ret, existing, RangerServiceService.OPERATION_UPDATE_CONTEXT);
updateGdsVersionForDataset(datasetInProject.getDatasetId());
LOG.debug("<== updateDatasetInProject({}): ret={}", datasetInProject, ret);
return ret;
}
@Override
public void removeDatasetInProject(Long datasetInProjectId) {
LOG.debug("==> removeDatasetInProject({})", datasetInProjectId);
RangerDatasetInProject existing = datasetInProjectService.read(datasetInProjectId);
validator.validateDelete(datasetInProjectId, existing);
datasetInProjectService.delete(existing);
datasetInProjectService.onObjectChange(null, existing, RangerServiceService.OPERATION_DELETE_CONTEXT);
updateGdsVersionForDataset(existing.getDatasetId());
LOG.debug("<== removeDatasetInProject({})", datasetInProjectId);
}
@Override
public RangerDatasetInProject getDatasetInProject(Long datasetInProjectId) {
LOG.debug("==> getDatasetInProject({})", datasetInProjectId);
RangerDatasetInProject ret = datasetInProjectService.read(datasetInProjectId);
// TODO: enforce RangerDatasetInProject.acl
LOG.debug("<== getDatasetInProject({}): ret={}", datasetInProjectId, ret);
return ret;
}
@Override
public PList<RangerDatasetInProject> searchDatasetInProjects(SearchFilter filter) {
LOG.debug("==> searchDatasetInProjects({})", filter);
int maxRows = filter.getMaxRows();
int startIndex = filter.getStartIndex();
List<RangerDatasetInProject> datasetInProjects = new ArrayList<>();
RangerDatasetInProjectList result = datasetInProjectService.searchDatasetInProjects(filter);
for (RangerDatasetInProject datasetInProject : result.getList()) {
// TODO: enforce RangerDatasetInProject.acl
datasetInProjects.add(datasetInProject);
}
PList<RangerDatasetInProject> ret = getPList(datasetInProjects, startIndex, maxRows, result.getSortBy(), result.getSortType());
LOG.debug("<== searchDatasetInProjects({}): ret={}", filter, ret);
return ret;
}
@Override
public void deleteAllGdsObjectsForService(Long serviceId) {
LOG.debug("==> deleteAllGdsObjectsForService({})", serviceId);
List<XXGdsDataShare> dataShares = daoMgr.getXXGdsDataShare().findByServiceId(serviceId);
if (CollectionUtils.isNotEmpty(dataShares)) {
LOG.info("Deleting {} dataShares associated with service id={}", dataShares.size(), serviceId);
dataShares.forEach(dataShare -> {
LOG.info("Deleting dataShare id={}, name={}", dataShare.getId(), dataShare.getName());
deleteDataShare(dataShare.getId(), true);
});
}
LOG.debug("<== deleteAllGdsObjectsForService({})", serviceId);
}
@Override
public void deleteAllGdsObjectsForSecurityZone(Long zoneId) {
LOG.debug("==> deleteAllGdsObjectsForSecurityZone({})", zoneId);
List<XXGdsDataShare> dataShares = daoMgr.getXXGdsDataShare().findByZoneId(zoneId);
if (CollectionUtils.isNotEmpty(dataShares)) {
LOG.info("Deleting {} dataShares associated with securityZone id={}", dataShares.size(), zoneId);
dataShares.forEach(dataShare -> {
LOG.info("Deleting dataShare id={}, name={}", dataShare.getId(), dataShare.getName());
deleteDataShare(dataShare.getId(), true);
});
}
LOG.debug("<== deleteAllGdsObjectsForSecurityZone({})", zoneId);
}
@Override
public void deleteAllGdsObjectsForServicesInSecurityZone(Collection<String> serviceNames, Long zoneId) {
LOG.debug("==> deleteAllGdsObjectsForServicesInSecurityZone({}, {})", serviceNames, zoneId);
if (zoneId != null && CollectionUtils.isNotEmpty(serviceNames)) {
XXServiceDao serviceDao = daoMgr.getXXService();
XXGdsDataShareDao dataShareDao = daoMgr.getXXGdsDataShare();
for (String serviceName : serviceNames) {
Long serviceId = serviceDao.findIdByName(serviceName);
if (serviceId == null) {
LOG.warn("deleteAllGdsObjectsForServicesInSecurityZone(): invalid service name={}. Ignored", serviceName);
continue;
}
List<XXGdsDataShare> dataShares = dataShareDao.findByServiceIdAndZoneId(serviceId, zoneId);
if (CollectionUtils.isEmpty(dataShares)) {
continue;
}
LOG.info("Deleting {} dataShares associated with service(name={}) in securityZone(id={})", dataShares.size(), serviceName, zoneId);
dataShares.forEach(dataShare -> {
LOG.info("Deleting dataShare id={}, name={}", dataShare.getId(), dataShare.getName());
deleteDataShare(dataShare.getId(), true);
});
}
}
LOG.debug("<== deleteAllGdsObjectsForServicesInSecurityZone({}, {})", serviceNames, zoneId);
}
public ServiceGdsInfo getGdsInfoIfUpdated(String serviceName, Long lastKnownVersion) throws Exception {
LOG.debug("==> GdsDBStore.getGdsInfoIfUpdated({}, {})", serviceName , lastKnownVersion);
ServiceGdsInfo latest = serviceGdsInfoCache.get(serviceName);
Long latestVersion = latest != null ? latest.getGdsVersion() : null;
ServiceGdsInfo ret = (lastKnownVersion == null || lastKnownVersion == -1 || !lastKnownVersion.equals(latestVersion)) ? latest : null;
LOG.debug("<== GdsDBStore.getGdsInfoIfUpdated({}, {}): ret={}", serviceName, lastKnownVersion, ret);
return ret;
}
public PList<DatasetSummary> getDatasetSummary(SearchFilter filter) throws Exception {
LOG.debug("==> getDatasetSummary({})", filter);
PList<RangerDataset> datasets = getUnscrubbedDatasets(filter);
List<DatasetSummary> datasetSummary = toDatasetSummary(datasets.getList(), getGdsPermissionFromFilter(filter));
PList<DatasetSummary> ret = new PList<>(datasetSummary, datasets.getStartIndex(), datasets.getPageSize(), datasets.getTotalCount(), datasets.getResultSize(), datasets.getSortType(), datasets.getSortBy());
ret.setQueryTimeMS(datasets.getQueryTimeMS());
LOG.debug("<== getDatasetSummary({}): ret={}", filter, ret);
return ret;
}
public PList<DataShareSummary> getDataShareSummary(SearchFilter filter) {
LOG.debug("==> getDataShareSummary({})", filter);
PList<RangerDataShare> dataShares = getUnscrubbedDataShares(filter);
List<DataShareSummary> dataShareSummary = toDataShareSummary(dataShares.getList(), getGdsPermissionFromFilter(filter));
PList<DataShareSummary> ret = new PList<>(dataShareSummary, dataShares.getStartIndex(), dataShares.getPageSize(), dataShares.getTotalCount(), dataShares.getResultSize(), dataShares.getSortType(), dataShares.getSortBy());
ret.setQueryTimeMS(dataShares.getQueryTimeMS());
LOG.debug("<== getDataShareSummary({}): ret={}", filter, ret);
return ret;
}
public PList<DataShareInDatasetSummary> getDshInDsSummary(SearchFilter filter) {
LOG.debug("==> getDshInDsSummary({})", filter);
int maxRows = filter.getMaxRows();
int startIndex = filter.getStartIndex();
filter.setParam(SearchFilter.GDS_PERMISSION, GdsPermission.ADMIN.name());
if (filter.getParam(SearchFilter.CREATED_BY) != null) {
setUserId(filter, SearchFilter.CREATED_BY);
}
if(filter.getParam(SearchFilter.APPROVER)!= null) {
setUserId(filter, SearchFilter.APPROVER);
}
if (filter.getParam(SearchFilter.SHARE_STATUS) != null) {
String shareStatus = filter.getParam(SearchFilter.SHARE_STATUS);
int status = GdsShareStatus.valueOf(shareStatus).ordinal();
filter.setParam(SearchFilter.SHARE_STATUS, Integer.toString(status));
}
List<RangerDataset> datasets = getUnscrubbedDatasets(filter).getList();
List<RangerDataShare> dataShares = getUnscrubbedDataShares(filter).getList();
RangerDataShareInDatasetList dshInDsList = dataShareInDatasetService.searchDataShareInDatasets(filter);
List<DataShareInDatasetSummary> dshInDsSummary = getDshInDsSummary(dataShares, datasets, dshInDsList);
PList<DataShareInDatasetSummary> ret = getPList(dshInDsSummary, startIndex, maxRows, filter.getSortBy(), filter.getSortType());
LOG.debug("<== getDshInDsSummary({}): ret={}", filter, ret);
return ret;
}
private List<DataShareInDatasetSummary> getDshInDsSummary(List<RangerDataShare> dataShares, List<RangerDataset> datasets, RangerDataShareInDatasetList dshInDsList) {
Set<DataShareInDatasetSummary> ret = new LinkedHashSet<>();
Map<Long, RangerDataset> datasetMap = toMap(datasets);
Map<Long, RangerDataShare> dataShareMap = toMap(dataShares);
for (RangerDataShareInDataset dshInDs : dshInDsList.getList()) {
RangerDataset dataset = datasetMap.get(dshInDs.getDatasetId());
RangerDataShare dataShare = dataShareMap.get(dshInDs.getDataShareId());
if (dataset != null || dataShare != null) {
if (dataset == null) {
dataset = datasetService.read(dshInDs.getDatasetId());
} else if (dataShare == null) {
dataShare = dataShareService.read(dshInDs.getDataShareId());
}
ret.add(toDshInDsSummary(dataset, dataShare, dshInDs));
}
}
return Collections.unmodifiableList(new ArrayList<>(ret));
}
private <T extends RangerGdsBaseModelObject> Map<Long, T> toMap(List<T> gdsObjects) {
return gdsObjects.stream().collect(Collectors.toMap(RangerGdsBaseModelObject::getId, Function.identity()));
}
private void updateGdsVersion() {
transactionSynchronizationAdapter.executeOnTransactionCommit(new GlobalVersionUpdater(daoMgr, RANGER_GLOBAL_STATE_NAME_GDS));
}
private void setUserId(SearchFilter filter, String filterParam) {
String userName = filter.getParam(filterParam);
Long userId = daoMgr.getXXPortalUser().findByLoginId(userName).getId();
filter.setParam(filterParam, Long.toString(userId));
}
private static class GlobalVersionUpdater implements Runnable {
final RangerDaoManager daoManager;
final String stateName;
public GlobalVersionUpdater(RangerDaoManager daoManager, String stateName) {
this.daoManager = daoManager;
this.stateName = stateName;
}
@Override
public void run() {
try {
this.daoManager.getXXGlobalState().onGlobalAppDataChange(stateName);
} catch (Exception e) {
LOG.error("Failed to update GlobalState version for state:[{}]", stateName , e);
}
}
}
private List<DatasetSummary> toDatasetSummary(List<RangerDataset> datasets, GdsPermission gdsPermission) throws Exception {
List<DatasetSummary> ret = new ArrayList<>();
String currentUser = bizUtil.getCurrentUserLoginId();
for (RangerDataset dataset : datasets) {
GdsPermission permissionForCaller = validator.getGdsPermissionForUser(dataset.getAcl(), currentUser);
DatasetSummary datasetSummary = new DatasetSummary();
datasetSummary.setId(dataset.getId());
datasetSummary.setName(dataset.getName());
datasetSummary.setDescription(dataset.getDescription());
datasetSummary.setCreateTime(dataset.getCreateTime());
datasetSummary.setUpdateTime(dataset.getUpdateTime());
datasetSummary.setCreatedBy(dataset.getCreatedBy());
datasetSummary.setUpdatedBy(dataset.getUpdatedBy());
datasetSummary.setIsEnabled(dataset.getIsEnabled());
datasetSummary.setGuid(dataset.getGuid());
datasetSummary.setVersion(dataset.getVersion());
datasetSummary.setPermissionForCaller(permissionForCaller);
ret.add(datasetSummary);
if (gdsPermission.equals(GdsPermission.LIST)) {
continue;
}
datasetSummary.setProjectsCount(getDIPCountForDataset(dataset.getId()));
datasetSummary.setPrincipalsCount(getPrincipalCountForDataset(dataset));
datasetSummary.setAclPrincipalsCount(getAclPrincipalCountForDataset(dataset));
SearchFilter filter = new SearchFilter(SearchFilter.DATASET_ID, dataset.getId().toString());
RangerDataShareList dataShares = dataShareService.searchDataShares(filter);
List<DataShareInDatasetSummary> dataSharesSummary = getDataSharesSummary(dataShares, filter);
datasetSummary.setDataShares(dataSharesSummary);
datasetSummary.setTotalResourceCount(dataSharesSummary.stream()
.map(DataShareInDatasetSummary::getResourceCount)
.mapToLong(Long::longValue)
.sum());
}
return ret;
}
private List<DataShareSummary> toDataShareSummary(List<RangerDataShare> dataShares, GdsPermission gdsPermission) {
List<DataShareSummary> ret = new ArrayList<>();
String currentUser = bizUtil.getCurrentUserLoginId();
Map<String, Long> zoneIds = new HashMap<>();
for (RangerDataShare dataShare : dataShares) {
GdsPermission permissionForCaller = validator.getGdsPermissionForUser(dataShare.getAcl(), currentUser);
if (permissionForCaller.equals(GdsPermission.NONE)) {
continue;
}
DataShareSummary dataShareSummary = new DataShareSummary();
dataShareSummary.setId(dataShare.getId());
dataShareSummary.setName(dataShare.getName());
dataShareSummary.setDescription(dataShare.getDescription());
dataShareSummary.setCreateTime(dataShare.getCreateTime());
dataShareSummary.setUpdateTime(dataShare.getUpdateTime());
dataShareSummary.setCreatedBy(dataShare.getCreatedBy());
dataShareSummary.setUpdatedBy(dataShare.getUpdatedBy());
dataShareSummary.setIsEnabled(dataShare.getIsEnabled());
dataShareSummary.setGuid(dataShare.getGuid());
dataShareSummary.setVersion(dataShare.getVersion());
dataShareSummary.setPermissionForCaller(permissionForCaller);
dataShareSummary.setZoneName(dataShare.getZone());
dataShareSummary.setZoneId(getZoneId(dataShare.getZone(), zoneIds));
dataShareSummary.setServiceName(dataShare.getService());
dataShareSummary.setServiceId(getServiceId(dataShare.getService()));
dataShareSummary.setServiceType(getServiceType(dataShare.getService()));
if (!gdsPermission.equals(GdsPermission.LIST)) {
SearchFilter filter = new SearchFilter(SearchFilter.DATA_SHARE_ID, dataShare.getId().toString());
RangerDatasetList datasets = datasetService.searchDatasets(filter);
List<DataShareInDatasetSummary> datasetsSummary = getDatasetsSummary(datasets, filter);
dataShareSummary.setDatasets(datasetsSummary);
dataShareSummary.setResourceCount(sharedResourceService.getResourceCountForDataShare(dataShare.getId()));
}
ret.add(dataShareSummary);
}
return ret;
}
private Long getDIPCountForDataset(Long datasetId) {
return datasetInProjectService.getDatasetsInProjectCount(datasetId);
}
private Map<PrincipalType, Integer> getPrincipalCountForDataset(RangerDataset dataset) throws Exception {
Map<PrincipalType, Integer> ret = new HashMap<>();
Set<String> users = Collections.emptySet();
Set<String> groups = Collections.emptySet();
Set<String> roles = Collections.emptySet();
if (validator.hasPermission(dataset.getAcl(), GdsPermission.AUDIT)) {
users = new HashSet<>();
groups = new HashSet<>();
roles = new HashSet<>();
for (RangerPolicy policy : getDatasetPolicies(dataset.getId())) {
for (RangerPolicyItem policyItem : policy.getPolicyItems()) {
users.addAll(policyItem.getUsers());
groups.addAll(policyItem.getGroups());
roles.addAll(policyItem.getRoles());
}
}
}
ret.put(PrincipalType.USER, users.size());
ret.put(PrincipalType.GROUP, groups.size());
ret.put(PrincipalType.ROLE, roles.size());
return ret;
}
private Map<PrincipalType, Integer> getAclPrincipalCountForDataset(RangerDataset dataset) {
Map<PrincipalType, Integer> ret = new HashMap<>();
ret.put(PrincipalType.USER, 0);
ret.put(PrincipalType.GROUP, 0);
ret.put(PrincipalType.ROLE, 0);
RangerGdsObjectACL acl = dataset.getAcl();
if (acl != null) {
if (acl.getUsers() != null) {
ret.put(PrincipalType.USER, acl.getUsers().size());
}
if (acl.getGroups() != null) {
ret.put(PrincipalType.GROUP, acl.getGroups().size());
}
if (acl.getRoles() != null) {
ret.put(PrincipalType.ROLE, acl.getRoles().size());
}
}
return ret;
}
private PList<RangerProject> getUnscrubbedProjects(SearchFilter filter) {
filter.setParam(SearchFilter.RETRIEVE_ALL_PAGES, "true");
GdsPermission gdsPermission = getGdsPermissionFromFilter(filter);
RangerProjectList result = projectService.searchProjects(filter);
List<RangerProject> projects = new ArrayList<>();
boolean isSharedWithMe = Boolean.parseBoolean(filter.getParam(SearchFilter.SHARED_WITH_ME));
String userName = bizUtil.getCurrentUserLoginId();
Collection<String> groups = null;
Collection<String> roles = null;
if (isSharedWithMe) {
groups = validationDBProvider.getGroupsForUser(userName);
roles = validationDBProvider.getRolesForUser(userName);
}
for (RangerProject project : result.getList()) {
if (project == null) {
continue;
}
if (isSharedWithMe) {
if (gdsPolicyAdminCache.isProjectSharedWith(project.getId(), userName, groups, roles)) {
projects.add(project);
}
} else if (validator.hasPermission(project.getAcl(), gdsPermission)) {
projects.add(project);
}
}
return getPList(projects, filter.getStartIndex(), filter.getMaxRows(), result.getSortBy(), result.getSortType());
}
private PList<RangerDataset> getUnscrubbedDatasets(SearchFilter filter) {
filter.setParam(SearchFilter.RETRIEVE_ALL_PAGES, "true");
GdsPermission gdsPermission = getGdsPermissionFromFilter(filter);
RangerDatasetList result = datasetService.searchDatasets(filter);
List<RangerDataset> datasets = new ArrayList<>();
boolean isSharedWithMe = Boolean.parseBoolean(filter.getParam(SearchFilter.SHARED_WITH_ME));
String userName = bizUtil.getCurrentUserLoginId();
Collection<String> groups = null;
Collection<String> roles = null;
if (isSharedWithMe) {
groups = validationDBProvider.getGroupsForUser(userName);
roles = validationDBProvider.getRolesForUser(userName);
}
for (RangerDataset dataset : result.getList()) {
if (dataset == null) {
continue;
}
if (isSharedWithMe) {
if (gdsPolicyAdminCache.isDatasetSharedWith(dataset.getId(), userName, groups, roles)) {
datasets.add(dataset);
}
} else if (validator.hasPermission(dataset.getAcl(), gdsPermission)) {
datasets.add(dataset);
}
}
int maxRows = filter.getMaxRows();
int startIndex = filter.getStartIndex();
return getPList(datasets, startIndex, maxRows, result.getSortBy(), result.getSortType());
}
private PList<RangerDataShare> getUnscrubbedDataShares(SearchFilter filter) {
filter.setParam(SearchFilter.RETRIEVE_ALL_PAGES, "true");
String datasetId = filter.getParam(SearchFilter.DATASET_ID);
boolean excludeDatasetId = Boolean.parseBoolean(filter.getParam(SearchFilter.EXCLUDE_DATASET_ID));
List<Long> dataSharesToExclude = null;
if (excludeDatasetId) {
filter.removeParam(SearchFilter.DATASET_ID);
dataSharesToExclude = daoMgr.getXXGdsDataShareInDataset().findDataShareIdsInStatuses(Long.parseLong(datasetId), SHARE_STATUS_AGR);
}
if (dataSharesToExclude == null) {
dataSharesToExclude = Collections.emptyList();
}
GdsPermission gdsPermission = getGdsPermissionFromFilter(filter);
RangerDataShareList result = dataShareService.searchDataShares(filter);
List<RangerDataShare> dataShares = new ArrayList<>();
for (RangerDataShare dataShare : result.getList()) {
if (dataShare == null) {
continue;
}
if (validator.hasPermission(dataShare.getAcl(), gdsPermission)) {
if (!dataSharesToExclude.contains(dataShare.getId())) {
dataShares.add(dataShare);
}
}
}
return getPList(dataShares, filter.getStartIndex(), filter.getMaxRows(), result.getSortBy(), result.getSortType());
}
private <T> PList<T> getPList(List<T> list, int startIndex, int maxEntries, String sortBy, String sortType) {
List<T> subList = startIndex < list.size() ? list.subList(startIndex, Math.min(startIndex + maxEntries, list.size())) : Collections.emptyList();
return new PList<>(subList, startIndex, maxEntries, list.size(), subList.size(), sortType, sortBy);
}
private GdsPermission getGdsPermissionFromFilter(SearchFilter filter) {
String gdsPermissionStr = filter.getParam(SearchFilter.GDS_PERMISSION);
GdsPermission gdsPermission = null;
if (StringUtils.isNotEmpty(gdsPermissionStr)) {
try {
gdsPermission = GdsPermission.valueOf(gdsPermissionStr);
} catch (IllegalArgumentException ex) {
LOG.info("Ignoring invalid GdsPermission: {}", gdsPermissionStr);
}
}
if (gdsPermission == null) {
gdsPermission = GdsPermission.VIEW;
}
return gdsPermission;
}
private void scrubDatasetForListing(RangerDataset dataset) {
dataset.setAcl(getPublicAclIfAllowed(dataset.getAcl()));
dataset.setOptions(null);
dataset.setAdditionalInfo(null);
}
private void scrubProjectForListing(RangerProject project) {
project.setAcl(getPublicAclIfAllowed(project.getAcl()));
project.setOptions(null);
project.setAdditionalInfo(null);
}
private void scrubDataShareForListing(RangerDataShare dataShare) {
dataShare.setAcl(getPublicAclIfAllowed(dataShare.getAcl()));
dataShare.setOptions(null);
dataShare.setAdditionalInfo(null);
}
private RangerGdsObjectACL getPublicAclIfAllowed(RangerGdsObjectACL acl) {
RangerGdsObjectACL ret = null;
GdsPermission grpPublicPerm = acl != null && acl.getGroups() != null ? acl.getGroups().get(RangerConstants.GROUP_PUBLIC) : null;
if (grpPublicPerm != null) {
ret = new RangerGdsObjectACL();
ret.setGroups(Collections.singletonMap(RangerConstants.GROUP_PUBLIC, grpPublicPerm));
}
return ret;
}
private void removeDshInDsForDataShare(Long dataShareId) {
SearchFilter filter = new SearchFilter(SearchFilter.DATA_SHARE_ID, dataShareId.toString());
RangerDataShareInDatasetList dshInDsList = dataShareInDatasetService.searchDataShareInDatasets(filter);
for(RangerDataShareInDataset dshInDs : dshInDsList.getList()) {
final boolean dshInDsDeleted = dataShareInDatasetService.delete(dshInDs);
if(!dshInDsDeleted) {
throw restErrorUtil.createRESTException("DataShareInDataset could not be deleted", MessageEnums.ERROR_DELETE_OBJECT, dshInDs.getId(), "DataSHareInDatasetId", null, 500);
}
}
}
private void removeSharedResourcesForDataShare(Long dataShareId) {
SearchFilter filter = new SearchFilter(SearchFilter.DATA_SHARE_ID, dataShareId.toString());
RangerSharedResourceList sharedResources = sharedResourceService.searchSharedResources(filter);
for (RangerSharedResource sharedResource : sharedResources.getList()) {
final boolean sharedResourceDeleted = sharedResourceService.delete(sharedResource);
if (!sharedResourceDeleted) {
throw restErrorUtil.createRESTException("SharedResource could not be deleted", MessageEnums.ERROR_DELETE_OBJECT, sharedResource.getId(), "SharedResourceId", null, HttpStatus.SC_INTERNAL_SERVER_ERROR);
}
}
}
private void prepareDatasetPolicy(RangerDataset dataset, RangerPolicy policy) {
policy.setName("DATASET: " + dataset.getName() + "@" + System.currentTimeMillis());
policy.setDescription("Policy for dataset: " + dataset.getName());
policy.setServiceType(EMBEDDED_SERVICEDEF_GDS_NAME);
policy.setService(ServiceDBStore.GDS_SERVICE_NAME);
policy.setZoneName(null);
policy.setResources(Collections.singletonMap(RESOURCE_NAME_DATASET_ID, new RangerPolicyResource(dataset.getId().toString())));
policy.setPolicyType(RangerPolicy.POLICY_TYPE_ACCESS);
policy.setPolicyPriority(RangerPolicy.POLICY_PRIORITY_NORMAL);
policy.setAllowExceptions(Collections.emptyList());
policy.setDenyPolicyItems(Collections.emptyList());
policy.setDenyExceptions(Collections.emptyList());
policy.setDataMaskPolicyItems(Collections.emptyList());
policy.setRowFilterPolicyItems(Collections.emptyList());
policy.setIsDenyAllElse(Boolean.FALSE);
}
private void prepareProjectPolicy(RangerProject project, RangerPolicy policy) {
policy.setName("PROJECT: " + project.getName() + "@" + System.currentTimeMillis());
policy.setDescription("Policy for project: " + project.getName());
policy.setServiceType(EMBEDDED_SERVICEDEF_GDS_NAME);
policy.setService(ServiceDBStore.GDS_SERVICE_NAME);
policy.setZoneName(null);
policy.setResources(Collections.singletonMap(RESOURCE_NAME_PROJECT_ID, new RangerPolicyResource(project.getId().toString())));
policy.setPolicyType(RangerPolicy.POLICY_TYPE_ACCESS);
policy.setPolicyPriority(RangerPolicy.POLICY_PRIORITY_NORMAL);
policy.setAllowExceptions(Collections.emptyList());
policy.setDenyPolicyItems(Collections.emptyList());
policy.setDenyExceptions(Collections.emptyList());
policy.setDataMaskPolicyItems(Collections.emptyList());
policy.setRowFilterPolicyItems(Collections.emptyList());
policy.setIsDenyAllElse(Boolean.FALSE);
}
private void deleteDatasetPolicies(RangerDataset dataset) throws Exception {
if (!validator.hasPermission(dataset.getAcl(), GdsPermission.POLICY_ADMIN)) {
throw restErrorUtil.create403RESTException(NOT_AUTHORIZED_FOR_DATASET_POLICIES);
}
List<XXGdsDatasetPolicyMap> existingMaps = daoMgr.getXXGdsDatasetPolicyMap().getDatasetPolicyMaps(dataset.getId());
if (existingMaps != null) {
for (XXGdsDatasetPolicyMap existing : existingMaps) {
RangerPolicy policy = svcStore.getPolicy(existing.getPolicyId());
daoMgr.getXXGdsDatasetPolicyMap().remove(existing);
svcStore.deletePolicy(policy);
}
}
}
private void deleteProjectPolicies(RangerProject project) throws Exception {
if (!validator.hasPermission(project.getAcl(), GdsPermission.POLICY_ADMIN)) {
throw restErrorUtil.create403RESTException(NOT_AUTHORIZED_FOR_PROJECT_POLICIES);
}
List<XXGdsProjectPolicyMap> existingMaps = daoMgr.getXXGdsProjectPolicyMap().getProjectPolicyMaps(project.getId());
if (existingMaps != null) {
for (XXGdsProjectPolicyMap existing : existingMaps) {
RangerPolicy policy = svcStore.getPolicy(existing.getPolicyId());
daoMgr.getXXGdsProjectPolicyMap().remove(existing);
svcStore.deletePolicy(policy);
}
}
}
private void removeDIPForDataset(Long datasetId) {
XXGdsDatasetInProjectDao dipDao = daoMgr.getXXGdsDatasetInProject();
List<XXGdsDatasetInProject> dshidList = dipDao.findByDatasetId(datasetId);
for (XXGdsDatasetInProject dip : dshidList) {
boolean dipDeleted = dipDao.remove(dip.getId());
if (!dipDeleted) {
throw restErrorUtil.createRESTException("DatasetInProject could not be deleted",
MessageEnums.ERROR_DELETE_OBJECT, dip.getId(), "DatasetInProjectId", null,
HttpStatus.SC_INTERNAL_SERVER_ERROR);
}
}
}
private void removeDSHIDForDataset(Long datasetId) {
XXGdsDataShareInDatasetDao dshidDao = daoMgr.getXXGdsDataShareInDataset();
List<XXGdsDataShareInDataset> dshidList = dshidDao.findByDatasetId(datasetId);
for (XXGdsDataShareInDataset dshid : dshidList) {
boolean dshidDeleted = dshidDao.remove(dshid.getId());
if (!dshidDeleted) {
throw restErrorUtil.createRESTException("DataShareInDataset could not be deleted",
MessageEnums.ERROR_DELETE_OBJECT, dshid.getId(), "DataShareInDataset", null,
HttpStatus.SC_INTERNAL_SERVER_ERROR);
}
}
}
private void removeDIPForProject(Long projectId) {
XXGdsDatasetInProjectDao dipDao = daoMgr.getXXGdsDatasetInProject();
List<XXGdsDatasetInProject> dshidList = dipDao.findByProjectId(projectId);
for (XXGdsDatasetInProject dip : dshidList) {
boolean dipDeleted = dipDao.remove(dip.getId());
if (!dipDeleted) {
throw restErrorUtil.createRESTException("DatasetInProject could not be deleted",
MessageEnums.ERROR_DELETE_OBJECT, dip.getId(), "DatasetInProjectId", null,
HttpStatus.SC_INTERNAL_SERVER_ERROR);
}
}
}
private void addCreatorAsAclAdmin(RangerGdsObjectACL acl) {
String currentUser = bizUtil.getCurrentUserLoginId();
Map<String, GdsPermission> userAcl = acl.getUsers();
if (userAcl == null) {
userAcl = new HashMap<>();
acl.setUsers(userAcl);
}
if (acl.getUsers().get(currentUser) != GdsPermission.ADMIN) {
acl.getUsers().put(currentUser, GdsPermission.ADMIN);
}
}
private List<DataShareInDatasetSummary> getDataSharesSummary(RangerDataShareList dataShares, SearchFilter filter) {
List<DataShareInDatasetSummary> ret = new ArrayList<>();
if (CollectionUtils.isNotEmpty(dataShares.getList())) {
RangerDataShareInDatasetList dshInDsList = dataShareInDatasetService.searchDataShareInDatasets(filter);
if (CollectionUtils.isNotEmpty(dshInDsList.getList())) {
for (RangerDataShare dataShare : dataShares.getList()) {
ret.add(toDshInDsSummary(dataShare, dshInDsList.getList()));
}
}
}
return ret;
}
private List<DataShareInDatasetSummary> getDatasetsSummary(RangerDatasetList datasets, SearchFilter filter) {
List<DataShareInDatasetSummary> ret = new ArrayList<>();
if (CollectionUtils.isNotEmpty(datasets.getList())) {
RangerDataShareInDatasetList dshInDsList = dataShareInDatasetService.searchDataShareInDatasets(filter);
if (CollectionUtils.isNotEmpty(dshInDsList.getList())) {
for (RangerDataset dataset : datasets.getList()) {
ret.add(toDshInDsSummary(dataset, dshInDsList.getList()));
}
}
}
return ret;
}
private DataShareInDatasetSummary toDshInDsSummary(RangerDataShare dataShare, List<RangerDataShareInDataset> dshInDsList) {
Optional<RangerDataShareInDataset> dshInDs = dshInDsList.stream().filter(d -> d.getDataShareId().equals(dataShare.getId())).findFirst();
if (!dshInDs.isPresent()) {
throw restErrorUtil.createRESTException("DataShareInDataset not found", MessageEnums.DATA_NOT_FOUND, dataShare.getId(), "SharedResourceId", null, HttpStatus.SC_NOT_FOUND);
}
DataShareInDatasetSummary summary = new DataShareInDatasetSummary();
summary.setId(dshInDs.get().getId());
summary.setDataShareId(dataShare.getId());
summary.setDataShareName(dataShare.getName());
summary.setCreatedBy(dataShare.getCreatedBy());
summary.setCreateTime(dataShare.getCreateTime());
summary.setUpdatedBy(dataShare.getUpdatedBy());
summary.setUpdateTime(dataShare.getUpdateTime());
summary.setGuid(dataShare.getGuid());
summary.setIsEnabled(dataShare.getIsEnabled());
summary.setVersion(dataShare.getVersion());
summary.setServiceId(getServiceId(dataShare.getService()));
summary.setServiceName(dataShare.getService());
summary.setZoneId(getZoneId(dataShare.getZone(), null));
summary.setZoneName(dataShare.getZone());
summary.setShareStatus(dshInDs.get().getStatus());
summary.setApprover(dshInDs.get().getApprover());
summary.setResourceCount(sharedResourceService.getResourceCountForDataShare(dataShare.getId()));
return summary;
}
private DataShareInDatasetSummary toDshInDsSummary(RangerDataset dataset, List<RangerDataShareInDataset> dshInDsList) {
Optional<RangerDataShareInDataset> dshInDs = dshInDsList.stream().filter(d -> d.getDatasetId().equals(dataset.getId())).findFirst();
if (!dshInDs.isPresent()) {
throw restErrorUtil.createRESTException("DataShareInDataset not found", MessageEnums.DATA_NOT_FOUND, dataset.getId(), "DatasetId", null, HttpStatus.SC_NOT_FOUND);
}
DataShareInDatasetSummary summary = new DataShareInDatasetSummary();
summary.setId(dshInDs.get().getId());
summary.setDatasetId(dataset.getId());
summary.setDatasetName(dataset.getName());
summary.setCreatedBy(dataset.getCreatedBy());
summary.setCreateTime(dataset.getCreateTime());
summary.setUpdatedBy(dataset.getUpdatedBy());
summary.setUpdateTime(dataset.getUpdateTime());
summary.setGuid(dataset.getGuid());
summary.setIsEnabled(dataset.getIsEnabled());
summary.setVersion(dataset.getVersion());
summary.setShareStatus(dshInDs.get().getStatus());
summary.setApprover(dshInDs.get().getApprover());
return summary;
}
private DataShareInDatasetSummary toDshInDsSummary(RangerDataset dataset, RangerDataShare dataShare,
RangerDataShareInDataset dshInDs) {
Map<String, Long> zoneIds = new HashMap<>();
DataShareInDatasetSummary summary = new DataShareInDatasetSummary();
summary.setId(dshInDs.getId());
summary.setGuid(dshInDs.getGuid());
summary.setCreatedBy(dshInDs.getCreatedBy());
summary.setCreateTime(dshInDs.getCreateTime());
summary.setUpdatedBy(dshInDs.getUpdatedBy());
summary.setUpdateTime(dshInDs.getUpdateTime());
summary.setApprover(dshInDs.getApprover());
summary.setShareStatus(dshInDs.getStatus());
summary.setDatasetId(dataset.getId());
summary.setDatasetName(dataset.getName());
summary.setDataShareId(dataShare.getId());
summary.setDataShareName(dataShare.getName());
if (dataShare.getZone() != null && !dataShare.getZone().isEmpty()) {
summary.setZoneName(dataShare.getZone());
summary.setZoneId(getZoneId(dataShare.getZone(),zoneIds));
}
summary.setServiceName(dataShare.getService());
summary.setServiceId(getServiceId(dataShare.getService()));
summary.setDataShareName(dataShare.getName());
summary.setResourceCount(sharedResourceService.getResourceCountForDataShare(dataShare.getId()));
return summary;
}
private Long getServiceId(String serviceName) {
XXService xService = daoMgr.getXXService().findByName(serviceName);
if (xService == null) {
throw restErrorUtil.createRESTException("Service not found", MessageEnums.DATA_NOT_FOUND, null, "ServiceName", null, HttpStatus.SC_NOT_FOUND);
}
return xService.getId();
}
private String getServiceType(String serviceName) {
String serviceTpe = daoMgr.getXXServiceDef().findServiceDefTypeByServiceName(serviceName);
if (StringUtils.isEmpty(serviceTpe)) {
throw restErrorUtil.createRESTException("Service type not found", MessageEnums.DATA_NOT_FOUND, null, "ServiceName", null, HttpStatus.SC_NOT_FOUND);
}
return serviceTpe;
}
private boolean hasResource(List<String> resources, String resourceValue) {
return resources.stream().filter(Objects::nonNull).anyMatch(resource -> resource.contains(resourceValue));
}
private void validate(List<RangerDataShareInDataset> dataSharesInDataset) throws Exception {
XXGdsDataShareInDatasetDao dshInDsDao = daoMgr.getXXGdsDataShareInDataset();
if(CollectionUtils.isNotEmpty(dataSharesInDataset)) {
for(RangerDataShareInDataset dataShareInDataset : dataSharesInDataset) {
XXGdsDataShareInDataset existing = dshInDsDao.findByDataShareIdAndDatasetId(dataShareInDataset.getDataShareId(), dataShareInDataset.getDatasetId());
if (existing != null) {
throw new Exception("data share id='" + dataShareInDataset.getDataShareId() + "' already shared with dataset id='" + dataShareInDataset.getDatasetId() + "': dataShareInDatasetId=" + existing.getId());
}
validator.validateCreate(dataShareInDataset);
}
}
}
private RangerDataShareInDataset createDataShareInDataset(RangerDataShareInDataset dataShareInDataset) {
switch (dataShareInDataset.getStatus()) {
case GRANTED:
case DENIED:
case ACTIVE:
dataShareInDataset.setApprover(bizUtil.getCurrentUserLoginId());
break;
default:
dataShareInDataset.setApprover(null);
break;
}
if (StringUtils.isBlank(dataShareInDataset.getGuid())) {
dataShareInDataset.setGuid(guidUtil.genGUID());
}
RangerDataShareInDataset ret = dataShareInDatasetService.create(dataShareInDataset);
dataShareInDatasetService.onObjectChange(ret, null, RangerServiceService.OPERATION_CREATE_CONTEXT);
updateGdsVersionForDataset(dataShareInDataset.getDatasetId());
return ret;
}
private Long getZoneId(String zoneName, Map<String, Long> zoneIds) {
Long ret = null;
if (StringUtils.isNotBlank(zoneName)) {
ret = zoneIds != null ? zoneIds.get(zoneName) : null;
if (ret == null) {
XXSecurityZone xxSecurityZone = daoMgr.getXXSecurityZoneDao().findByZoneName(zoneName);
if (xxSecurityZone == null) {
throw restErrorUtil.createRESTException("Security Zone not found", MessageEnums.DATA_NOT_FOUND, null, "ZoneName", null, HttpStatus.SC_NOT_FOUND);
}
ret = xxSecurityZone.getId();
if (zoneIds != null) {
zoneIds.put(zoneName, ret);
}
}
}
return ret;
}
private List<RangerPolicy> getPolicies(List<Long> policyIds) {
List<RangerPolicy> ret = new ArrayList<>();
if (CollectionUtils.isNotEmpty(policyIds)) {
for (Long policyId : policyIds) {
try {
RangerPolicy policy = svcStore.getPolicy(policyId);
if (policy != null) {
ret.add(policy);
}
} catch (Exception excp) {
LOG.error("getPolicies(): failed to get policy with id=" + policyId, excp);
}
}
}
return ret;
}
private void updateGdsVersionForService(Long serviceId) {
updateGdsVersion();
Runnable serviceVersionUpdater = new ServiceDBStore.ServiceVersionUpdater(daoMgr, serviceId, ServiceDBStore.VERSION_TYPE.GDS_VERSION, RangerPolicyDelta.CHANGE_TYPE_GDS_UPDATE);
daoMgr.getRangerTransactionSynchronizationAdapter().executeOnTransactionCommit(serviceVersionUpdater);
}
private void updateGdsVersionForService(String serviceName) {
Long serviceId = daoMgr.getXXService().findIdByName(serviceName);
if (serviceId != null) {
updateGdsVersionForService(serviceId);
}
}
private void updateGdsVersionForProject(Long projectId) {
updateGdsVersion();
List<Long> serviceIds = daoMgr.getXXGdsProject().findServiceIdsForProject(projectId);
for (Long serviceId : serviceIds) {
Runnable serviceVersionUpdater = new ServiceDBStore.ServiceVersionUpdater(daoMgr, serviceId, ServiceDBStore.VERSION_TYPE.GDS_VERSION, RangerPolicyDelta.CHANGE_TYPE_GDS_UPDATE);
daoMgr.getRangerTransactionSynchronizationAdapter().executeOnTransactionCommit(serviceVersionUpdater);
}
}
private void updateGdsVersionForDataset(Long datasetId) {
updateGdsVersion();
List<Long> serviceIds = daoMgr.getXXGdsDataset().findServiceIdsForDataset(datasetId);
for (Long serviceId : serviceIds) {
Runnable serviceVersionUpdater = new ServiceDBStore.ServiceVersionUpdater(daoMgr, serviceId, ServiceDBStore.VERSION_TYPE.GDS_VERSION, RangerPolicyDelta.CHANGE_TYPE_GDS_UPDATE);
daoMgr.getRangerTransactionSynchronizationAdapter().executeOnTransactionCommit(serviceVersionUpdater);
}
}
private void updateGdsVersionForDataShare(Long dataShareId) {
XXGdsDataShare dataShare = daoMgr.getXXGdsDataShare().getById(dataShareId);
if (dataShare != null) {
updateGdsVersionForService(dataShare.getServiceId());
}
}
private void copyExistingBaseFields(RangerGdsBaseModelObject objToUpdate, RangerGdsBaseModelObject existingObj) {
if (objToUpdate != null && existingObj != null) {
// retain existing values for: guid, createdBy, createTime
objToUpdate.setGuid(existingObj.getGuid());
objToUpdate.setCreatedBy(existingObj.getCreatedBy());
objToUpdate.setCreateTime(existingObj.getCreateTime());
// retain existing values if objToUpdate has null for: isEnabled, description, options, additionalInfo
if (objToUpdate.getIsEnabled() == null) {
objToUpdate.setIsEnabled(existingObj.getIsEnabled());
}
if (objToUpdate.getDescription() == null) {
objToUpdate.setDescription(existingObj.getDescription());
}
if (objToUpdate.getOptions() == null) {
objToUpdate.setOptions(existingObj.getOptions());
}
if (objToUpdate.getAdditionalInfo() == null) {
objToUpdate.setAdditionalInfo(existingObj.getAdditionalInfo());
}
}
}
}