security-admin/src/main/java/org/apache/ranger/biz/RangerTagDBRetriever.java - ranger - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 package org.apache.ranger.biz;

 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.ListIterator;
 import java.util.Map;

 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
 import org.apache.ranger.authorization.utils.StringUtil;
 import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.entity.*;
 import org.apache.ranger.plugin.model.*;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
 import org.apache.ranger.plugin.util.RangerPerfTracer;


 public class RangerTagDBRetriever {
 	static final Log LOG = LogFactory.getLog(RangerTagDBRetriever.class);
 	static final Log PERF_LOG = RangerPerfTracer.getPerfLogger("db.RangerTagDBRetriever");
 	public static final String OPTION_RANGER_FILTER_TAGS_FOR_SERVICE_PLUGIN = "ranger.filter.tags.for.service.plugin";

 	private final RangerDaoManager daoMgr;
 	private final XXService xService;
 	private final LookupCache lookupCache;

 	private List<RangerServiceResource> serviceResources;
 	private Map<Long, RangerTagDef> tagDefs;
 	private Map<Long, RangerTag> tags;
 	private List<RangerTagResourceMap> tagResourceMaps;

 	private boolean filterForServicePlugin;

 	public RangerTagDBRetriever(final RangerDaoManager daoMgr, final XXService xService) {
 		this.daoMgr = daoMgr;
 		this.xService = xService;
 		this.lookupCache = new LookupCache();


 		if (this.daoMgr != null && this.xService != null) {

 			RangerPerfTracer perf = null;

 			if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
 				perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "RangerTagDBReceiver.getTags(serviceName=" + xService.getName());
 			}

 			filterForServicePlugin = RangerConfiguration.getInstance().getBoolean(OPTION_RANGER_FILTER_TAGS_FOR_SERVICE_PLUGIN, false);
 			TagRetrieverServiceResourceContext serviceResourceContext = new TagRetrieverServiceResourceContext(xService);
 			TagRetrieverTagDefContext tagDefContext = new TagRetrieverTagDefContext(xService);
 			TagRetrieverTagContext tagContext = new TagRetrieverTagContext(xService);

 			serviceResources = serviceResourceContext.getAllServiceResources();
 			tagDefs = tagDefContext.getAllTagDefs();
 			tags = tagContext.getAllTags();
 			tagResourceMaps = getAllTagResourceMaps();

 			RangerPerfTracer.log(perf);

 		}
 	}

 	public List<RangerTagResourceMap> getTagResourceMaps() {
 		return tagResourceMaps;
 	}

 	public List<RangerServiceResource> getServiceResources() {
 		return serviceResources;
 	}

 	public Map<Long, RangerTagDef> getTagDefs() {
 		return tagDefs;
 	}

 	public Map<Long, RangerTag> getTags() {
 		return tags;
 	}

 	private List<RangerTagResourceMap> getAllTagResourceMaps() {

 		List<XXTagResourceMap> xTagResourceMaps = filterForServicePlugin ? daoMgr.getXXTagResourceMap().findForServicePlugin(xService.getId()) : daoMgr.getXXTagResourceMap().findByServiceId(xService.getId());

 		ListIterator<XXTagResourceMap> iterTagResourceMap = xTagResourceMaps.listIterator();

 		List<RangerTagResourceMap> ret = new ArrayList<RangerTagResourceMap>();

 		while (iterTagResourceMap.hasNext()) {

 			XXTagResourceMap xTagResourceMap = iterTagResourceMap.next();

 			if (xTagResourceMap != null) {

 				RangerTagResourceMap tagResourceMap = new RangerTagResourceMap();

 				tagResourceMap.setId(xTagResourceMap.getId());
 				tagResourceMap.setGuid(xTagResourceMap.getGuid());
 				tagResourceMap.setCreatedBy(lookupCache.getUserScreenName(xTagResourceMap.getAddedByUserId()));
 				tagResourceMap.setUpdatedBy(lookupCache.getUserScreenName(xTagResourceMap.getUpdatedByUserId()));
 				tagResourceMap.setCreateTime(xTagResourceMap.getCreateTime());
 				tagResourceMap.setUpdateTime(xTagResourceMap.getUpdateTime());
 				tagResourceMap.setResourceId(xTagResourceMap.getResourceId());
 				tagResourceMap.setTagId(xTagResourceMap.getTagId());

 				ret.add(tagResourceMap);
 			}
 		}
 		return ret;
 	}

 	static <T> List<T> asList(T obj) {
 		List<T> ret = new ArrayList<T>();

 		if (obj != null) {
 			ret.add(obj);
 		}

 		return ret;
 	}

 	private class LookupCache {
 		final Map<Long, String> userScreenNames = new HashMap<Long, String>();
 		final Map<Long, String> resourceDefs = new HashMap<Long, String>();

 		String getUserScreenName(Long userId) {
 			String ret = null;

 			if (userId != null) {
 				ret = userScreenNames.get(userId);

 				if (ret == null) {
 					XXPortalUser user = daoMgr.getXXPortalUser().getById(userId);

 					if (user != null) {
 						ret = user.getPublicScreenName();

 						if (StringUtil.isEmpty(ret)) {
 							ret = user.getFirstName();

 							if (StringUtil.isEmpty(ret)) {
 								ret = user.getLoginId();
 							} else {
 								if (!StringUtil.isEmpty(user.getLastName())) {
 									ret += (" " + user.getLastName());
 								}
 							}
 						}

 						if (ret != null) {
 							userScreenNames.put(userId, ret);
 						}
 					}
 				}
 			}

 			return ret;
 		}

 		String getResourceName(Long resourceDefId) {
 			String ret = null;

 			if (resourceDefId != null) {
 				ret = resourceDefs.get(resourceDefId);

 				if (ret == null) {
 					XXResourceDef xResourceDef = daoMgr.getXXResourceDef().getById(resourceDefId);

 					if (xResourceDef != null) {
 						ret = xResourceDef.getName();

 						resourceDefs.put(resourceDefId, ret);
 					}
 				}
 			}

 			return ret;
 		}
 	}

 	private class TagRetrieverServiceResourceContext {

 		final XXService service;
 		final ListIterator<XXServiceResource> iterServiceResource;
 		final ListIterator<XXServiceResourceElement> iterServiceResourceElement;
 		final ListIterator<XXServiceResourceElementValue> iterServiceResourceElementValue;

 		TagRetrieverServiceResourceContext(XXService xService) {
 			Long serviceId = xService == null ? null : xService.getId();

 			List<XXServiceResource> xServiceResources = filterForServicePlugin ? daoMgr.getXXServiceResource().findForServicePlugin(serviceId) : daoMgr.getXXServiceResource().findTaggedResourcesInServiceId(serviceId);
 			List<XXServiceResourceElement> xServiceResourceElements = filterForServicePlugin ? daoMgr.getXXServiceResourceElement().findForServicePlugin(serviceId) : daoMgr.getXXServiceResourceElement().findTaggedResourcesInServiceId(serviceId);
 			List<XXServiceResourceElementValue> xServiceResourceElementValues = filterForServicePlugin ? daoMgr.getXXServiceResourceElementValue().findForServicePlugin(serviceId) : daoMgr.getXXServiceResourceElementValue().findTaggedResourcesInServiceId(serviceId);

 			this.service = xService;
 			this.iterServiceResource = xServiceResources.listIterator();
 			this.iterServiceResourceElement = xServiceResourceElements.listIterator();
 			this.iterServiceResourceElementValue = xServiceResourceElementValues.listIterator();

 		}

 		TagRetrieverServiceResourceContext(XXServiceResource xServiceResource, XXService xService) {
 			Long resourceId = xServiceResource == null ? null : xServiceResource.getId();

 			List<XXServiceResource> xServiceResources = asList(xServiceResource);
 			List<XXServiceResourceElement> xServiceResourceElements = daoMgr.getXXServiceResourceElement().findByResourceId(resourceId);
 			List<XXServiceResourceElementValue> xServiceResourceElementValues = daoMgr.getXXServiceResourceElementValue().findByResourceId(resourceId);

 			this.service = xService;
 			this.iterServiceResource = xServiceResources.listIterator();
 			this.iterServiceResourceElement = xServiceResourceElements.listIterator();
 			this.iterServiceResourceElementValue = xServiceResourceElementValues.listIterator();

 		}

 		List<RangerServiceResource> getAllServiceResources() {
 			List<RangerServiceResource> ret = new ArrayList<RangerServiceResource>();

 			while (iterServiceResource.hasNext()) {
 				RangerServiceResource serviceResource = getNextServiceResource();

 				if (serviceResource != null) {
 					ret.add(serviceResource);
 				}
 			}

 			if (!hasProcessedAll()) {
 				LOG.warn("getAllServiceResources(): perhaps one or more serviceResources got updated during retrieval. Using fallback ... ");

 				ret = getServiceResourcesBySecondary();
 			}

 			return ret;
 		}

 		RangerServiceResource getNextServiceResource() {
 			RangerServiceResource ret = null;

 			if (iterServiceResource.hasNext()) {
 				XXServiceResource xServiceResource = iterServiceResource.next();

 				if (xServiceResource != null) {
 					ret = new RangerServiceResource();

 					ret.setId(xServiceResource.getId());
 					ret.setGuid(xServiceResource.getGuid());
 					ret.setIsEnabled(xServiceResource.getIsEnabled());
 					ret.setCreatedBy(lookupCache.getUserScreenName(xServiceResource.getAddedByUserId()));
 					ret.setUpdatedBy(lookupCache.getUserScreenName(xServiceResource.getUpdatedByUserId()));
 					ret.setCreateTime(xServiceResource.getCreateTime());
 					ret.setUpdateTime(xServiceResource.getUpdateTime());
 					ret.setVersion(xServiceResource.getVersion());
 					ret.setResourceSignature(xServiceResource.getResourceSignature());

 					getServiceResourceElements(ret);
 				}
 			}

 			return ret;
 		}

 		void getServiceResourceElements(RangerServiceResource serviceResource) {
 			while (iterServiceResourceElement.hasNext()) {
 				XXServiceResourceElement xServiceResourceElement = iterServiceResourceElement.next();

 				if (xServiceResourceElement.getResourceId().equals(serviceResource.getId())) {
 					RangerPolicyResource resource = new RangerPolicyResource();

 					resource.setIsExcludes(xServiceResourceElement.getIsExcludes());
 					resource.setIsRecursive(xServiceResourceElement.getIsRecursive());

 					while (iterServiceResourceElementValue.hasNext()) {
 						XXServiceResourceElementValue xServiceResourceElementValue = iterServiceResourceElementValue.next();

 						if (xServiceResourceElementValue.getResElementId().equals(xServiceResourceElement.getId())) {
 							resource.getValues().add(xServiceResourceElementValue.getValue());
 						} else {
 							if (iterServiceResourceElementValue.hasPrevious()) {
 								iterServiceResourceElementValue.previous();
 							}
 							break;
 						}
 					}

 					serviceResource.getResourceElements().put(lookupCache.getResourceName(xServiceResourceElement.getResDefId()), resource);
 				} else if (xServiceResourceElement.getResourceId().compareTo(serviceResource.getId()) > 0) {
 					if (iterServiceResourceElement.hasPrevious()) {
 						iterServiceResourceElement.previous();
 					}
 					break;
 				}
 			}
 		}

 		boolean hasProcessedAll() {
 			boolean moreToProcess = iterServiceResource.hasNext()
 					|| iterServiceResourceElement.hasNext()
 					|| iterServiceResourceElementValue.hasNext();
 			return !moreToProcess;
 		}

 		List<RangerServiceResource> getServiceResourcesBySecondary() {
 			List<RangerServiceResource> ret = null;

 			if (service != null) {
 				List<XXServiceResource> xServiceResources = filterForServicePlugin ? daoMgr.getXXServiceResource().findForServicePlugin(service.getId()) : daoMgr.getXXServiceResource().findTaggedResourcesInServiceId(service.getId());

 				if (CollectionUtils.isNotEmpty(xServiceResources)) {
 					ret = new ArrayList<RangerServiceResource>(xServiceResources.size());

 					for (XXServiceResource xServiceResource : xServiceResources) {
 						TagRetrieverServiceResourceContext ctx = new TagRetrieverServiceResourceContext(xServiceResource, service);

 						RangerServiceResource serviceResource = ctx.getNextServiceResource();

 						if (serviceResource != null) {
 							ret.add(serviceResource);
 						}
 					}
 				}
 			}
 			return ret;
 		}
 	}

 	private class TagRetrieverTagDefContext {

 		final XXService service;
 		final ListIterator<XXTagDef> iterTagDef;
 		final ListIterator<XXTagAttributeDef> iterTagAttributeDef;


 		TagRetrieverTagDefContext(XXService xService) {
 			Long serviceId = xService == null ? null : xService.getId();

 			List<XXTagDef> xTagDefs = filterForServicePlugin ? daoMgr.getXXTagDef().findForServicePlugin(serviceId) : daoMgr.getXXTagDef().findByServiceId(serviceId);
 			List<XXTagAttributeDef> xTagAttributeDefs = filterForServicePlugin ? daoMgr.getXXTagAttributeDef().findForServicePlugin(serviceId) : daoMgr.getXXTagAttributeDef().findByServiceId(serviceId);

 			this.service = xService;
 			this.iterTagDef = xTagDefs.listIterator();
 			this.iterTagAttributeDef = xTagAttributeDefs.listIterator();
 		}

 		TagRetrieverTagDefContext(XXTagDef xTagDef, XXService xService) {
 			Long tagDefId = xTagDef == null ? null : xTagDef.getId();

 			List<XXTagDef> xTagDefs = asList(xTagDef);
 			List<XXTagAttributeDef> xTagAttributeDefs = daoMgr.getXXTagAttributeDef().findByTagDefId(tagDefId);

 			this.service = xService;
 			this.iterTagDef = xTagDefs.listIterator();
 			this.iterTagAttributeDef = xTagAttributeDefs.listIterator();
 		}

 		Map<Long, RangerTagDef> getAllTagDefs() {
 			Map<Long, RangerTagDef> ret = new HashMap<Long, RangerTagDef>();

 			while (iterTagDef.hasNext()) {
 				RangerTagDef tagDef = getNextTagDef();

 				if (tagDef != null) {
 					ret.put(tagDef.getId(), tagDef);
 				}
 			}

 			if (!hasProcessedAllTagDefs()) {
 				LOG.warn("getAllTagDefs(): perhaps one or more tag-definitions got updated during retrieval.  Using fallback ... ");

 				ret = getTagDefsBySecondary();

 			}

 			return ret;
 		}

 		RangerTagDef getNextTagDef() {
 			RangerTagDef ret = null;

 			if (iterTagDef.hasNext()) {
 				XXTagDef xTagDef = iterTagDef.next();

 				if (xTagDef != null) {
 					ret = new RangerTagDef();

 					ret.setId(xTagDef.getId());
 					ret.setGuid(xTagDef.getGuid());
 					ret.setIsEnabled(xTagDef.getIsEnabled());
 					ret.setCreatedBy(lookupCache.getUserScreenName(xTagDef.getAddedByUserId()));
 					ret.setUpdatedBy(lookupCache.getUserScreenName(xTagDef.getUpdatedByUserId()));
 					ret.setCreateTime(xTagDef.getCreateTime());
 					ret.setUpdateTime(xTagDef.getUpdateTime());
 					ret.setVersion(xTagDef.getVersion());
 					ret.setName(xTagDef.getName());
 					ret.setSource(xTagDef.getSource());

 					getTagAttributeDefs(ret);
 				}
 			}

 			return ret;
 		}

 		void getTagAttributeDefs(RangerTagDef tagDef) {
 			while (iterTagAttributeDef.hasNext()) {
 				XXTagAttributeDef xTagAttributeDef = iterTagAttributeDef.next();

 				if (xTagAttributeDef.getTagDefId().equals(tagDef.getId())) {
 					RangerTagDef.RangerTagAttributeDef tagAttributeDef = new RangerTagDef.RangerTagAttributeDef();

 					tagAttributeDef.setName(xTagAttributeDef.getName());
 					tagAttributeDef.setType(xTagAttributeDef.getType());

 					tagDef.getAttributeDefs().add(tagAttributeDef);
 				} else if (xTagAttributeDef.getTagDefId().compareTo(tagDef.getId()) > 0) {
 					if (iterTagAttributeDef.hasPrevious()) {
 						iterTagAttributeDef.previous();
 					}
 					break;
 				}
 			}
 		}

 		boolean hasProcessedAllTagDefs() {
 			boolean moreToProcess = iterTagAttributeDef.hasNext();
 			return !moreToProcess;
 		}

 		Map<Long, RangerTagDef> getTagDefsBySecondary() {
 			Map<Long, RangerTagDef> ret = null;

 			if (service != null) {
 				List<XXTagDef> xTagDefs = daoMgr.getXXTagDef().findByServiceId(service.getId());

 				if (CollectionUtils.isNotEmpty(xTagDefs)) {
 					ret = new HashMap<Long, RangerTagDef>(xTagDefs.size());

 					for (XXTagDef xTagDef : xTagDefs) {
 						TagRetrieverTagDefContext ctx = new TagRetrieverTagDefContext(xTagDef, service);

 						RangerTagDef tagDef = ctx.getNextTagDef();

 						if (tagDef != null) {
 							ret.put(tagDef.getId(), tagDef);
 						}
 					}
 				}
 			}
 			return ret;
 		}
 	}

 	private class TagRetrieverTagContext {

 		final XXService service;
 		final ListIterator<XXTag> iterTag;
 		final ListIterator<XXTagAttribute> iterTagAttribute;

 		TagRetrieverTagContext(XXService xService) {
 			Long serviceId = xService == null ? null : xService.getId();

 			List<XXTag> xTags = filterForServicePlugin ? daoMgr.getXXTag().findForServicePlugin(serviceId) : daoMgr.getXXTag().findByServiceId(serviceId);
 			List<XXTagAttribute> xTagAttributes = filterForServicePlugin ? daoMgr.getXXTagAttribute().findForServicePlugin(serviceId) : daoMgr.getXXTagAttribute().findByServiceId(serviceId);

 			this.service = xService;
 			this.iterTag = xTags.listIterator();
 			this.iterTagAttribute = xTagAttributes.listIterator();

 		}

 		TagRetrieverTagContext(XXTag xTag, XXService xService) {
 			Long tagId = xTag == null ? null : xTag.getId();

 			List<XXTag> xTags = asList(xTag);
 			List<XXTagAttribute> xTagAttributes = daoMgr.getXXTagAttribute().findByTagId(tagId);

 			this.service = xService;
 			this.iterTag = xTags.listIterator();
 			this.iterTagAttribute = xTagAttributes.listIterator();
 		}


 		Map<Long, RangerTag> getAllTags() {
 			Map<Long, RangerTag> ret = new HashMap<Long, RangerTag>();

 			while (iterTag.hasNext()) {
 				RangerTag tag = getNextTag();

 				if (tag != null) {
 					ret.put(tag.getId(), tag);
 				}
 			}

 			if (!hasProcessedAllTags()) {
 				LOG.warn("getAllTags(): perhaps one or more tags got updated during retrieval. Using fallback ... ");

 				ret = getTagsBySecondary();
 			}

 			return ret;
 		}

 		RangerTag getNextTag() {
 			RangerTag ret = null;

 			if (iterTag.hasNext()) {
 				XXTag xTag = iterTag.next();

 				if (xTag != null) {
 					ret = new RangerTag();

 					ret.setId(xTag.getId());
 					ret.setGuid(xTag.getGuid());
 					ret.setOwner(xTag.getOwner());
 					ret.setCreatedBy(lookupCache.getUserScreenName(xTag.getAddedByUserId()));
 					ret.setUpdatedBy(lookupCache.getUserScreenName(xTag.getUpdatedByUserId()));
 					ret.setCreateTime(xTag.getCreateTime());
 					ret.setUpdateTime(xTag.getUpdateTime());
 					ret.setVersion(xTag.getVersion());

 					Map<Long, RangerTagDef> tagDefs = getTagDefs();
 					if (tagDefs != null) {
 						RangerTagDef tagDef = tagDefs.get(xTag.getType());
 						if (tagDef != null) {
 							ret.setType(tagDef.getName());
 						}
 					}

 					getTagAttributes(ret);
 				}
 			}

 			return ret;
 		}

 		void getTagAttributes(RangerTag tag) {
 			while (iterTagAttribute.hasNext()) {
 				XXTagAttribute xTagAttribute = iterTagAttribute.next();

 				if (xTagAttribute.getTagId().equals(tag.getId())) {
 					String attributeName = xTagAttribute.getName();
 					String attributeValue = xTagAttribute.getValue();


 					tag.getAttributes().put(attributeName, attributeValue);
 				} else if (xTagAttribute.getTagId().compareTo(tag.getId()) > 0) {
 					if (iterTagAttribute.hasPrevious()) {
 						iterTagAttribute.previous();
 					}
 					break;
 				}
 			}
 		}

 		boolean hasProcessedAllTags() {
 			boolean moreToProcess = iterTagAttribute.hasNext();
 			return !moreToProcess;
 		}

 		Map<Long, RangerTag> getTagsBySecondary() {
 			Map<Long, RangerTag> ret = null;

 			if (service != null) {
 				List<XXTag> xTags = daoMgr.getXXTag().findByServiceId(service.getId());

 				if (CollectionUtils.isNotEmpty(xTags)) {
 					ret = new HashMap<Long, RangerTag>(xTags.size());

 					for (XXTag xTag : xTags) {
 						TagRetrieverTagContext ctx = new TagRetrieverTagContext(xTag, service);

 						RangerTag tag = ctx.getNextTag();

 						if (tag != null) {
 							ret.put(tag.getId(), tag);
 						}
 					}
 				}
 			}
 			return ret;
 		}
 	}
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	package org.apache.ranger.biz;

	import java.util.ArrayList;
	import java.util.HashMap;
	import java.util.List;
	import java.util.ListIterator;
	import java.util.Map;

	import org.apache.commons.collections.CollectionUtils;
	import org.apache.commons.logging.Log;
	import org.apache.commons.logging.LogFactory;
	import org.apache.ranger.authorization.hadoop.config.RangerConfiguration;
	import org.apache.ranger.authorization.utils.StringUtil;
	import org.apache.ranger.db.RangerDaoManager;
	import org.apache.ranger.entity.*;
	import org.apache.ranger.plugin.model.*;
	import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
	import org.apache.ranger.plugin.util.RangerPerfTracer;


	public class RangerTagDBRetriever {
	static final Log LOG = LogFactory.getLog(RangerTagDBRetriever.class);
	static final Log PERF_LOG = RangerPerfTracer.getPerfLogger("db.RangerTagDBRetriever");
	public static final String OPTION_RANGER_FILTER_TAGS_FOR_SERVICE_PLUGIN = "ranger.filter.tags.for.service.plugin";

	private final RangerDaoManager daoMgr;
	private final XXService xService;
	private final LookupCache lookupCache;

	private List<RangerServiceResource> serviceResources;
	private Map<Long, RangerTagDef> tagDefs;
	private Map<Long, RangerTag> tags;
	private List<RangerTagResourceMap> tagResourceMaps;

	private boolean filterForServicePlugin;

	public RangerTagDBRetriever(final RangerDaoManager daoMgr, final XXService xService) {
	this.daoMgr = daoMgr;
	this.xService = xService;
	this.lookupCache = new LookupCache();


	if (this.daoMgr != null && this.xService != null) {

	RangerPerfTracer perf = null;

	if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
	perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "RangerTagDBReceiver.getTags(serviceName=" + xService.getName());
	}

	filterForServicePlugin = RangerConfiguration.getInstance().getBoolean(OPTION_RANGER_FILTER_TAGS_FOR_SERVICE_PLUGIN, false);
	TagRetrieverServiceResourceContext serviceResourceContext = new TagRetrieverServiceResourceContext(xService);
	TagRetrieverTagDefContext tagDefContext = new TagRetrieverTagDefContext(xService);
	TagRetrieverTagContext tagContext = new TagRetrieverTagContext(xService);

	serviceResources = serviceResourceContext.getAllServiceResources();
	tagDefs = tagDefContext.getAllTagDefs();
	tags = tagContext.getAllTags();
	tagResourceMaps = getAllTagResourceMaps();

	RangerPerfTracer.log(perf);

	}
	}

	public List<RangerTagResourceMap> getTagResourceMaps() {
	return tagResourceMaps;
	}

	public List<RangerServiceResource> getServiceResources() {
	return serviceResources;
	}

	public Map<Long, RangerTagDef> getTagDefs() {
	return tagDefs;
	}

	public Map<Long, RangerTag> getTags() {
	return tags;
	}

	private List<RangerTagResourceMap> getAllTagResourceMaps() {

	List<XXTagResourceMap> xTagResourceMaps = filterForServicePlugin ? daoMgr.getXXTagResourceMap().findForServicePlugin(xService.getId()) : daoMgr.getXXTagResourceMap().findByServiceId(xService.getId());

	ListIterator<XXTagResourceMap> iterTagResourceMap = xTagResourceMaps.listIterator();

	List<RangerTagResourceMap> ret = new ArrayList<RangerTagResourceMap>();

	while (iterTagResourceMap.hasNext()) {

	XXTagResourceMap xTagResourceMap = iterTagResourceMap.next();

	if (xTagResourceMap != null) {

	RangerTagResourceMap tagResourceMap = new RangerTagResourceMap();

	tagResourceMap.setId(xTagResourceMap.getId());
	tagResourceMap.setGuid(xTagResourceMap.getGuid());
	tagResourceMap.setCreatedBy(lookupCache.getUserScreenName(xTagResourceMap.getAddedByUserId()));
	tagResourceMap.setUpdatedBy(lookupCache.getUserScreenName(xTagResourceMap.getUpdatedByUserId()));
	tagResourceMap.setCreateTime(xTagResourceMap.getCreateTime());
	tagResourceMap.setUpdateTime(xTagResourceMap.getUpdateTime());
	tagResourceMap.setResourceId(xTagResourceMap.getResourceId());
	tagResourceMap.setTagId(xTagResourceMap.getTagId());

	ret.add(tagResourceMap);
	}
	}
	return ret;
	}

	static <T> List<T> asList(T obj) {
	List<T> ret = new ArrayList<T>();

	if (obj != null) {
	ret.add(obj);
	}

	return ret;
	}

	private class LookupCache {
	final Map<Long, String> userScreenNames = new HashMap<Long, String>();
	final Map<Long, String> resourceDefs = new HashMap<Long, String>();

	String getUserScreenName(Long userId) {
	String ret = null;

	if (userId != null) {
	ret = userScreenNames.get(userId);

	if (ret == null) {
	XXPortalUser user = daoMgr.getXXPortalUser().getById(userId);

	if (user != null) {
	ret = user.getPublicScreenName();

	if (StringUtil.isEmpty(ret)) {
	ret = user.getFirstName();

	if (StringUtil.isEmpty(ret)) {
	ret = user.getLoginId();
	} else {
	if (!StringUtil.isEmpty(user.getLastName())) {
	ret += (" " + user.getLastName());
	}
	}
	}

	if (ret != null) {
	userScreenNames.put(userId, ret);
	}
	}
	}
	}

	return ret;
	}

	String getResourceName(Long resourceDefId) {
	String ret = null;

	if (resourceDefId != null) {
	ret = resourceDefs.get(resourceDefId);

	if (ret == null) {
	XXResourceDef xResourceDef = daoMgr.getXXResourceDef().getById(resourceDefId);

	if (xResourceDef != null) {
	ret = xResourceDef.getName();

	resourceDefs.put(resourceDefId, ret);
	}
	}
	}

	return ret;
	}
	}

	private class TagRetrieverServiceResourceContext {

	final XXService service;
	final ListIterator<XXServiceResource> iterServiceResource;
	final ListIterator<XXServiceResourceElement> iterServiceResourceElement;
	final ListIterator<XXServiceResourceElementValue> iterServiceResourceElementValue;

	TagRetrieverServiceResourceContext(XXService xService) {
	Long serviceId = xService == null ? null : xService.getId();

	List<XXServiceResource> xServiceResources = filterForServicePlugin ? daoMgr.getXXServiceResource().findForServicePlugin(serviceId) : daoMgr.getXXServiceResource().findTaggedResourcesInServiceId(serviceId);
	List<XXServiceResourceElement> xServiceResourceElements = filterForServicePlugin ? daoMgr.getXXServiceResourceElement().findForServicePlugin(serviceId) : daoMgr.getXXServiceResourceElement().findTaggedResourcesInServiceId(serviceId);
	List<XXServiceResourceElementValue> xServiceResourceElementValues = filterForServicePlugin ? daoMgr.getXXServiceResourceElementValue().findForServicePlugin(serviceId) : daoMgr.getXXServiceResourceElementValue().findTaggedResourcesInServiceId(serviceId);

	this.service = xService;
	this.iterServiceResource = xServiceResources.listIterator();
	this.iterServiceResourceElement = xServiceResourceElements.listIterator();
	this.iterServiceResourceElementValue = xServiceResourceElementValues.listIterator();

	}

	TagRetrieverServiceResourceContext(XXServiceResource xServiceResource, XXService xService) {
	Long resourceId = xServiceResource == null ? null : xServiceResource.getId();

	List<XXServiceResource> xServiceResources = asList(xServiceResource);
	List<XXServiceResourceElement> xServiceResourceElements = daoMgr.getXXServiceResourceElement().findByResourceId(resourceId);
	List<XXServiceResourceElementValue> xServiceResourceElementValues = daoMgr.getXXServiceResourceElementValue().findByResourceId(resourceId);

	this.service = xService;
	this.iterServiceResource = xServiceResources.listIterator();
	this.iterServiceResourceElement = xServiceResourceElements.listIterator();
	this.iterServiceResourceElementValue = xServiceResourceElementValues.listIterator();

	}

	List<RangerServiceResource> getAllServiceResources() {
	List<RangerServiceResource> ret = new ArrayList<RangerServiceResource>();

	while (iterServiceResource.hasNext()) {
	RangerServiceResource serviceResource = getNextServiceResource();

	if (serviceResource != null) {
	ret.add(serviceResource);
	}
	}

	if (!hasProcessedAll()) {
	LOG.warn("getAllServiceResources(): perhaps one or more serviceResources got updated during retrieval. Using fallback ... ");

	ret = getServiceResourcesBySecondary();
	}

	return ret;
	}

	RangerServiceResource getNextServiceResource() {
	RangerServiceResource ret = null;

	if (iterServiceResource.hasNext()) {
	XXServiceResource xServiceResource = iterServiceResource.next();

	if (xServiceResource != null) {
	ret = new RangerServiceResource();

	ret.setId(xServiceResource.getId());
	ret.setGuid(xServiceResource.getGuid());
	ret.setIsEnabled(xServiceResource.getIsEnabled());
	ret.setCreatedBy(lookupCache.getUserScreenName(xServiceResource.getAddedByUserId()));
	ret.setUpdatedBy(lookupCache.getUserScreenName(xServiceResource.getUpdatedByUserId()));
	ret.setCreateTime(xServiceResource.getCreateTime());
	ret.setUpdateTime(xServiceResource.getUpdateTime());
	ret.setVersion(xServiceResource.getVersion());
	ret.setResourceSignature(xServiceResource.getResourceSignature());

	getServiceResourceElements(ret);
	}
	}

	return ret;
	}

	void getServiceResourceElements(RangerServiceResource serviceResource) {
	while (iterServiceResourceElement.hasNext()) {
	XXServiceResourceElement xServiceResourceElement = iterServiceResourceElement.next();

	if (xServiceResourceElement.getResourceId().equals(serviceResource.getId())) {
	RangerPolicyResource resource = new RangerPolicyResource();

	resource.setIsExcludes(xServiceResourceElement.getIsExcludes());
	resource.setIsRecursive(xServiceResourceElement.getIsRecursive());

	while (iterServiceResourceElementValue.hasNext()) {
	XXServiceResourceElementValue xServiceResourceElementValue = iterServiceResourceElementValue.next();

	if (xServiceResourceElementValue.getResElementId().equals(xServiceResourceElement.getId())) {
	resource.getValues().add(xServiceResourceElementValue.getValue());
	} else {
	if (iterServiceResourceElementValue.hasPrevious()) {
	iterServiceResourceElementValue.previous();
	}
	break;
	}
	}

	serviceResource.getResourceElements().put(lookupCache.getResourceName(xServiceResourceElement.getResDefId()), resource);
	} else if (xServiceResourceElement.getResourceId().compareTo(serviceResource.getId()) > 0) {
	if (iterServiceResourceElement.hasPrevious()) {
	iterServiceResourceElement.previous();
	}
	break;
	}
	}
	}

	boolean hasProcessedAll() {
	boolean moreToProcess = iterServiceResource.hasNext()
	\|\| iterServiceResourceElement.hasNext()
	\|\| iterServiceResourceElementValue.hasNext();
	return !moreToProcess;
	}

	List<RangerServiceResource> getServiceResourcesBySecondary() {
	List<RangerServiceResource> ret = null;

	if (service != null) {
	List<XXServiceResource> xServiceResources = filterForServicePlugin ? daoMgr.getXXServiceResource().findForServicePlugin(service.getId()) : daoMgr.getXXServiceResource().findTaggedResourcesInServiceId(service.getId());

	if (CollectionUtils.isNotEmpty(xServiceResources)) {
	ret = new ArrayList<RangerServiceResource>(xServiceResources.size());

	for (XXServiceResource xServiceResource : xServiceResources) {
	TagRetrieverServiceResourceContext ctx = new TagRetrieverServiceResourceContext(xServiceResource, service);

	RangerServiceResource serviceResource = ctx.getNextServiceResource();

	if (serviceResource != null) {
	ret.add(serviceResource);
	}
	}
	}
	}
	return ret;
	}
	}

	private class TagRetrieverTagDefContext {

	final XXService service;
	final ListIterator<XXTagDef> iterTagDef;
	final ListIterator<XXTagAttributeDef> iterTagAttributeDef;


	TagRetrieverTagDefContext(XXService xService) {
	Long serviceId = xService == null ? null : xService.getId();

	List<XXTagDef> xTagDefs = filterForServicePlugin ? daoMgr.getXXTagDef().findForServicePlugin(serviceId) : daoMgr.getXXTagDef().findByServiceId(serviceId);
	List<XXTagAttributeDef> xTagAttributeDefs = filterForServicePlugin ? daoMgr.getXXTagAttributeDef().findForServicePlugin(serviceId) : daoMgr.getXXTagAttributeDef().findByServiceId(serviceId);

	this.service = xService;
	this.iterTagDef = xTagDefs.listIterator();
	this.iterTagAttributeDef = xTagAttributeDefs.listIterator();
	}

	TagRetrieverTagDefContext(XXTagDef xTagDef, XXService xService) {
	Long tagDefId = xTagDef == null ? null : xTagDef.getId();

	List<XXTagDef> xTagDefs = asList(xTagDef);
	List<XXTagAttributeDef> xTagAttributeDefs = daoMgr.getXXTagAttributeDef().findByTagDefId(tagDefId);

	this.service = xService;
	this.iterTagDef = xTagDefs.listIterator();
	this.iterTagAttributeDef = xTagAttributeDefs.listIterator();
	}

	Map<Long, RangerTagDef> getAllTagDefs() {
	Map<Long, RangerTagDef> ret = new HashMap<Long, RangerTagDef>();

	while (iterTagDef.hasNext()) {
	RangerTagDef tagDef = getNextTagDef();

	if (tagDef != null) {
	ret.put(tagDef.getId(), tagDef);
	}
	}

	if (!hasProcessedAllTagDefs()) {
	LOG.warn("getAllTagDefs(): perhaps one or more tag-definitions got updated during retrieval. Using fallback ... ");

	ret = getTagDefsBySecondary();

	}

	return ret;
	}

	RangerTagDef getNextTagDef() {
	RangerTagDef ret = null;

	if (iterTagDef.hasNext()) {
	XXTagDef xTagDef = iterTagDef.next();

	if (xTagDef != null) {
	ret = new RangerTagDef();

	ret.setId(xTagDef.getId());
	ret.setGuid(xTagDef.getGuid());
	ret.setIsEnabled(xTagDef.getIsEnabled());
	ret.setCreatedBy(lookupCache.getUserScreenName(xTagDef.getAddedByUserId()));
	ret.setUpdatedBy(lookupCache.getUserScreenName(xTagDef.getUpdatedByUserId()));
	ret.setCreateTime(xTagDef.getCreateTime());
	ret.setUpdateTime(xTagDef.getUpdateTime());
	ret.setVersion(xTagDef.getVersion());
	ret.setName(xTagDef.getName());
	ret.setSource(xTagDef.getSource());

	getTagAttributeDefs(ret);
	}
	}

	return ret;
	}

	void getTagAttributeDefs(RangerTagDef tagDef) {
	while (iterTagAttributeDef.hasNext()) {
	XXTagAttributeDef xTagAttributeDef = iterTagAttributeDef.next();

	if (xTagAttributeDef.getTagDefId().equals(tagDef.getId())) {
	RangerTagDef.RangerTagAttributeDef tagAttributeDef = new RangerTagDef.RangerTagAttributeDef();

	tagAttributeDef.setName(xTagAttributeDef.getName());
	tagAttributeDef.setType(xTagAttributeDef.getType());

	tagDef.getAttributeDefs().add(tagAttributeDef);
	} else if (xTagAttributeDef.getTagDefId().compareTo(tagDef.getId()) > 0) {
	if (iterTagAttributeDef.hasPrevious()) {
	iterTagAttributeDef.previous();
	}
	break;
	}
	}
	}

	boolean hasProcessedAllTagDefs() {
	boolean moreToProcess = iterTagAttributeDef.hasNext();
	return !moreToProcess;
	}

	Map<Long, RangerTagDef> getTagDefsBySecondary() {
	Map<Long, RangerTagDef> ret = null;

	if (service != null) {
	List<XXTagDef> xTagDefs = daoMgr.getXXTagDef().findByServiceId(service.getId());

	if (CollectionUtils.isNotEmpty(xTagDefs)) {
	ret = new HashMap<Long, RangerTagDef>(xTagDefs.size());

	for (XXTagDef xTagDef : xTagDefs) {
	TagRetrieverTagDefContext ctx = new TagRetrieverTagDefContext(xTagDef, service);

	RangerTagDef tagDef = ctx.getNextTagDef();

	if (tagDef != null) {
	ret.put(tagDef.getId(), tagDef);
	}
	}
	}
	}
	return ret;
	}
	}

	private class TagRetrieverTagContext {

	final XXService service;
	final ListIterator<XXTag> iterTag;
	final ListIterator<XXTagAttribute> iterTagAttribute;

	TagRetrieverTagContext(XXService xService) {
	Long serviceId = xService == null ? null : xService.getId();

	List<XXTag> xTags = filterForServicePlugin ? daoMgr.getXXTag().findForServicePlugin(serviceId) : daoMgr.getXXTag().findByServiceId(serviceId);
	List<XXTagAttribute> xTagAttributes = filterForServicePlugin ? daoMgr.getXXTagAttribute().findForServicePlugin(serviceId) : daoMgr.getXXTagAttribute().findByServiceId(serviceId);

	this.service = xService;
	this.iterTag = xTags.listIterator();
	this.iterTagAttribute = xTagAttributes.listIterator();

	}

	TagRetrieverTagContext(XXTag xTag, XXService xService) {
	Long tagId = xTag == null ? null : xTag.getId();

	List<XXTag> xTags = asList(xTag);
	List<XXTagAttribute> xTagAttributes = daoMgr.getXXTagAttribute().findByTagId(tagId);

	this.service = xService;
	this.iterTag = xTags.listIterator();
	this.iterTagAttribute = xTagAttributes.listIterator();
	}


	Map<Long, RangerTag> getAllTags() {
	Map<Long, RangerTag> ret = new HashMap<Long, RangerTag>();

	while (iterTag.hasNext()) {
	RangerTag tag = getNextTag();

	if (tag != null) {
	ret.put(tag.getId(), tag);
	}
	}

	if (!hasProcessedAllTags()) {
	LOG.warn("getAllTags(): perhaps one or more tags got updated during retrieval. Using fallback ... ");

	ret = getTagsBySecondary();
	}

	return ret;
	}

	RangerTag getNextTag() {
	RangerTag ret = null;

	if (iterTag.hasNext()) {
	XXTag xTag = iterTag.next();

	if (xTag != null) {
	ret = new RangerTag();

	ret.setId(xTag.getId());
	ret.setGuid(xTag.getGuid());
	ret.setOwner(xTag.getOwner());
	ret.setCreatedBy(lookupCache.getUserScreenName(xTag.getAddedByUserId()));
	ret.setUpdatedBy(lookupCache.getUserScreenName(xTag.getUpdatedByUserId()));
	ret.setCreateTime(xTag.getCreateTime());
	ret.setUpdateTime(xTag.getUpdateTime());
	ret.setVersion(xTag.getVersion());

	Map<Long, RangerTagDef> tagDefs = getTagDefs();
	if (tagDefs != null) {
	RangerTagDef tagDef = tagDefs.get(xTag.getType());
	if (tagDef != null) {
	ret.setType(tagDef.getName());
	}
	}

	getTagAttributes(ret);
	}
	}

	return ret;
	}

	void getTagAttributes(RangerTag tag) {
	while (iterTagAttribute.hasNext()) {
	XXTagAttribute xTagAttribute = iterTagAttribute.next();

	if (xTagAttribute.getTagId().equals(tag.getId())) {
	String attributeName = xTagAttribute.getName();
	String attributeValue = xTagAttribute.getValue();


	tag.getAttributes().put(attributeName, attributeValue);
	} else if (xTagAttribute.getTagId().compareTo(tag.getId()) > 0) {
	if (iterTagAttribute.hasPrevious()) {
	iterTagAttribute.previous();
	}
	break;
	}
	}
	}

	boolean hasProcessedAllTags() {
	boolean moreToProcess = iterTagAttribute.hasNext();
	return !moreToProcess;
	}

	Map<Long, RangerTag> getTagsBySecondary() {
	Map<Long, RangerTag> ret = null;

	if (service != null) {
	List<XXTag> xTags = daoMgr.getXXTag().findByServiceId(service.getId());

	if (CollectionUtils.isNotEmpty(xTags)) {
	ret = new HashMap<Long, RangerTag>(xTags.size());

	for (XXTag xTag : xTags) {
	TagRetrieverTagContext ctx = new TagRetrieverTagContext(xTag, service);

	RangerTag tag = ctx.getNextTag();

	if (tag != null) {
	ret.put(tag.getId(), tag);
	}
	}
	}
	}
	return ret;
	}
	}
	}