security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java - ranger - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.ranger.patch;

 import java.io.IOException;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.List;
 import org.apache.commons.lang.StringUtils;
 import org.apache.log4j.Logger;
 import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.entity.XXPortalUser;
 import org.apache.ranger.service.XPortalUserService;
 import org.apache.ranger.biz.XUserMgr;
 import org.apache.ranger.common.RangerConstants;
 import org.apache.ranger.util.CLIUtil;
 import org.apache.ranger.view.VXPortalUser;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.util.CollectionUtils;

 @Component
 public class PatchPersmissionModel_J10003 extends BaseLoader {
 	private static final Logger logger = Logger
 			.getLogger(PatchPersmissionModel_J10003.class);

 	@Autowired
 	XUserMgr xUserMgr;

 	@Autowired
 	XPortalUserService xPortalUserService;

 	@Autowired
 	RangerDaoManager daoManager;

 	private static boolean grantAllUsers=false;
 	private static String usersListFileName=null;
 	private final static Charset ENCODING = StandardCharsets.UTF_8;
 	public static void main(String[] args) {
 		logger.info("main()");
 		try {
 			if(args!=null && args.length>0){
 				if(StringUtils.equalsIgnoreCase("ALL", args[0])){
 					grantAllUsers=true;
 				}else if(!StringUtils.isEmpty(args[0])){
 					usersListFileName=args[0];
 				}
 			}
 			PatchPersmissionModel_J10003 loader = (PatchPersmissionModel_J10003) CLIUtil
 					.getBean(PatchPersmissionModel_J10003.class);

 			loader.init();
 			while (loader.isMoreToProcess()) {
 				loader.load();
 			}
 			logger.info("Load complete. Exiting!!!");
 			System.exit(0);
 		} catch (Exception e) {
 			logger.error("Error loading", e);
 			System.exit(1);
 		}
 	}

 	@Override
 	public void init() throws Exception {
 		// Do Nothing
 	}

 	@Override
 	public void execLoad() {
 		logger.info("==> PermissionPatch.execLoad()");
 		assignPermissionToExistingUsers();
 		logger.info("<== PermissionPatch.execLoad()");
 	}

 	public void assignPermissionToExistingUsers() {
 		int countUserPermissionUpdated = 0;
 		Long userCount=daoManager.getXXPortalUser().getAllCount();
 		List<XXPortalUser> xXPortalUsers=null;
 		Long patchModeMaxLimit=Long.valueOf(500L);
 		try{
 			if (userCount!=null && userCount>0){
 				List<String> loginIdList=readUserNamesFromFile(usersListFileName);
 				if(!CollectionUtils.isEmpty(loginIdList)){
 					xXPortalUsers=new ArrayList<XXPortalUser>();
 					XXPortalUser xXPortalUser=null;
 					for(String loginId:loginIdList){
 						try{
 							xXPortalUser=daoManager.getXXPortalUser().findByLoginId(loginId);
 							if(xXPortalUser!=null){
 								xXPortalUsers.add(xXPortalUser);
 							}else{
 								logger.info("User "+loginId+" doesn't exist!");
 							}
 						}catch(Exception ex){
 						}
 					}
 					countUserPermissionUpdated=assignPermissions(xXPortalUsers);
 					logger.info("Permissions assigned to "+countUserPermissionUpdated + " of "+loginIdList.size());
 				}else if(userCount.compareTo(Long.valueOf(patchModeMaxLimit))<0 || grantAllUsers){
 					xXPortalUsers=daoManager.getXXPortalUser().findAllXPortalUser();
 					if(!CollectionUtils.isEmpty(xXPortalUsers)){
 						countUserPermissionUpdated=assignPermissions(xXPortalUsers);
 						logger.info("Permissions assigned to "+countUserPermissionUpdated + " of "+xXPortalUsers.size());
 					}
 				}else{
 					//if total no. of users are more than 500 then process ADMIN and KEY_ADMIN users only to avoid timeout
 					xXPortalUsers=daoManager.getXXPortalUser().findByRole(RangerConstants.ROLE_SYS_ADMIN);
 					if(!CollectionUtils.isEmpty(xXPortalUsers)){
 						countUserPermissionUpdated=assignPermissions(xXPortalUsers);
 						logger.info("Permissions assigned to users having role:"+RangerConstants.ROLE_SYS_ADMIN+". Processed:"+countUserPermissionUpdated + " of total "+xXPortalUsers.size());
 					}
 					xXPortalUsers=daoManager.getXXPortalUser().findByRole(RangerConstants.ROLE_KEY_ADMIN);
 					if(!CollectionUtils.isEmpty(xXPortalUsers)){
 						countUserPermissionUpdated=assignPermissions(xXPortalUsers);
 						logger.info("Permissions assigned to users having role:"+RangerConstants.ROLE_KEY_ADMIN+". Processed:"+countUserPermissionUpdated + " of total "+xXPortalUsers.size());
 					}
 					logger.info("Please execute this patch separately with argument 'ALL' to assign permission to remaining users ");
 	                System.out.println("Please execute this patch separately with argument 'ALL' to assign module permissions to remaining users!!");
 				}
 			}
 		}catch(Exception ex){
 		}
 	}

 	@Override
 	public void printStats() {
 	}

 	private int assignPermissions(List<XXPortalUser> xXPortalUsers){
 		int countUserPermissionUpdated = 0;
 		if(!CollectionUtils.isEmpty(xXPortalUsers)){
 			for (XXPortalUser xPortalUser : xXPortalUsers) {
 				try{
 					if(xPortalUser!=null){
 						VXPortalUser vPortalUser = xPortalUserService.populateViewBean(xPortalUser);
 						if(vPortalUser!=null){
 							vPortalUser.setUserRoleList(daoManager.getXXPortalUserRole().findXPortalUserRolebyXPortalUserId(vPortalUser.getId()));
 							xUserMgr.assignPermissionToUser(vPortalUser, false);
 							countUserPermissionUpdated += 1;
 							logger.info("Permissions assigned/updated on base of User's Role, UserId [" + xPortalUser.getId() + "]");
 						}
 					}
 				}catch(Exception ex){
 				}
 			}
 		}
 		return countUserPermissionUpdated;
 	}

 	private List<String> readUserNamesFromFile(String aFileName) throws IOException {
 		List<String> userNames=new ArrayList<String>();
 		if(!StringUtils.isEmpty(aFileName)){
 			Path path = Paths.get(aFileName);
 			if (Files.exists(path) && Files.isRegularFile(path)) {
 				List<String> fileContents=Files.readAllLines(path, ENCODING);
 				if(fileContents!=null && !fileContents.isEmpty()){
 					for(String line:fileContents){
 						if(!StringUtils.isEmpty(line) && !userNames.contains(line)){
 							try{
 								userNames.add(line.trim());
 							}catch(Exception ex){
 							}
 						}
 					}
 				}
 			}
 		}
 	   return userNames;
 	}
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.ranger.patch;

	import java.io.IOException;
	import java.nio.charset.Charset;
	import java.nio.charset.StandardCharsets;
	import java.nio.file.Files;
	import java.nio.file.Path;
	import java.nio.file.Paths;
	import java.util.ArrayList;
	import java.util.List;
	import org.apache.commons.lang.StringUtils;
	import org.apache.log4j.Logger;
	import org.apache.ranger.db.RangerDaoManager;
	import org.apache.ranger.entity.XXPortalUser;
	import org.apache.ranger.service.XPortalUserService;
	import org.apache.ranger.biz.XUserMgr;
	import org.apache.ranger.common.RangerConstants;
	import org.apache.ranger.util.CLIUtil;
	import org.apache.ranger.view.VXPortalUser;
	import org.springframework.beans.factory.annotation.Autowired;
	import org.springframework.stereotype.Component;
	import org.springframework.util.CollectionUtils;

	@Component
	public class PatchPersmissionModel_J10003 extends BaseLoader {
	private static final Logger logger = Logger
	.getLogger(PatchPersmissionModel_J10003.class);

	@Autowired
	XUserMgr xUserMgr;

	@Autowired
	XPortalUserService xPortalUserService;

	@Autowired
	RangerDaoManager daoManager;

	private static boolean grantAllUsers=false;
	private static String usersListFileName=null;
	private final static Charset ENCODING = StandardCharsets.UTF_8;
	public static void main(String[] args) {
	logger.info("main()");
	try {
	if(args!=null && args.length>0){
	if(StringUtils.equalsIgnoreCase("ALL", args[0])){
	grantAllUsers=true;
	}else if(!StringUtils.isEmpty(args[0])){
	usersListFileName=args[0];
	}
	}
	PatchPersmissionModel_J10003 loader = (PatchPersmissionModel_J10003) CLIUtil
	.getBean(PatchPersmissionModel_J10003.class);

	loader.init();
	while (loader.isMoreToProcess()) {
	loader.load();
	}
	logger.info("Load complete. Exiting!!!");
	System.exit(0);
	} catch (Exception e) {
	logger.error("Error loading", e);
	System.exit(1);
	}
	}

	@Override
	public void init() throws Exception {
	// Do Nothing
	}

	@Override
	public void execLoad() {
	logger.info("==> PermissionPatch.execLoad()");
	assignPermissionToExistingUsers();
	logger.info("<== PermissionPatch.execLoad()");
	}

	public void assignPermissionToExistingUsers() {
	int countUserPermissionUpdated = 0;
	Long userCount=daoManager.getXXPortalUser().getAllCount();
	List<XXPortalUser> xXPortalUsers=null;
	Long patchModeMaxLimit=Long.valueOf(500L);
	try{
	if (userCount!=null && userCount>0){
	List<String> loginIdList=readUserNamesFromFile(usersListFileName);
	if(!CollectionUtils.isEmpty(loginIdList)){
	xXPortalUsers=new ArrayList<XXPortalUser>();
	XXPortalUser xXPortalUser=null;
	for(String loginId:loginIdList){
	try{
	xXPortalUser=daoManager.getXXPortalUser().findByLoginId(loginId);
	if(xXPortalUser!=null){
	xXPortalUsers.add(xXPortalUser);
	}else{
	logger.info("User "+loginId+" doesn't exist!");
	}
	}catch(Exception ex){
	}
	}
	countUserPermissionUpdated=assignPermissions(xXPortalUsers);
	logger.info("Permissions assigned to "+countUserPermissionUpdated + " of "+loginIdList.size());
	}else if(userCount.compareTo(Long.valueOf(patchModeMaxLimit))<0 \|\| grantAllUsers){
	xXPortalUsers=daoManager.getXXPortalUser().findAllXPortalUser();
	if(!CollectionUtils.isEmpty(xXPortalUsers)){
	countUserPermissionUpdated=assignPermissions(xXPortalUsers);
	logger.info("Permissions assigned to "+countUserPermissionUpdated + " of "+xXPortalUsers.size());
	}
	}else{
	//if total no. of users are more than 500 then process ADMIN and KEY_ADMIN users only to avoid timeout
	xXPortalUsers=daoManager.getXXPortalUser().findByRole(RangerConstants.ROLE_SYS_ADMIN);
	if(!CollectionUtils.isEmpty(xXPortalUsers)){
	countUserPermissionUpdated=assignPermissions(xXPortalUsers);
	logger.info("Permissions assigned to users having role:"+RangerConstants.ROLE_SYS_ADMIN+". Processed:"+countUserPermissionUpdated + " of total "+xXPortalUsers.size());
	}
	xXPortalUsers=daoManager.getXXPortalUser().findByRole(RangerConstants.ROLE_KEY_ADMIN);
	if(!CollectionUtils.isEmpty(xXPortalUsers)){
	countUserPermissionUpdated=assignPermissions(xXPortalUsers);
	logger.info("Permissions assigned to users having role:"+RangerConstants.ROLE_KEY_ADMIN+". Processed:"+countUserPermissionUpdated + " of total "+xXPortalUsers.size());
	}
	logger.info("Please execute this patch separately with argument 'ALL' to assign permission to remaining users ");
	System.out.println("Please execute this patch separately with argument 'ALL' to assign module permissions to remaining users!!");
	}
	}
	}catch(Exception ex){
	}
	}

	@Override
	public void printStats() {
	}

	private int assignPermissions(List<XXPortalUser> xXPortalUsers){
	int countUserPermissionUpdated = 0;
	if(!CollectionUtils.isEmpty(xXPortalUsers)){
	for (XXPortalUser xPortalUser : xXPortalUsers) {
	try{
	if(xPortalUser!=null){
	VXPortalUser vPortalUser = xPortalUserService.populateViewBean(xPortalUser);
	if(vPortalUser!=null){
	vPortalUser.setUserRoleList(daoManager.getXXPortalUserRole().findXPortalUserRolebyXPortalUserId(vPortalUser.getId()));
	xUserMgr.assignPermissionToUser(vPortalUser, false);
	countUserPermissionUpdated += 1;
	logger.info("Permissions assigned/updated on base of User's Role, UserId [" + xPortalUser.getId() + "]");
	}
	}
	}catch(Exception ex){
	}
	}
	}
	return countUserPermissionUpdated;
	}

	private List<String> readUserNamesFromFile(String aFileName) throws IOException {
	List<String> userNames=new ArrayList<String>();
	if(!StringUtils.isEmpty(aFileName)){
	Path path = Paths.get(aFileName);
	if (Files.exists(path) && Files.isRegularFile(path)) {
	List<String> fileContents=Files.readAllLines(path, ENCODING);
	if(fileContents!=null && !fileContents.isEmpty()){
	for(String line:fileContents){
	if(!StringUtils.isEmpty(line) && !userNames.contains(line)){
	try{
	userNames.add(line.trim());
	}catch(Exception ex){
	}
	}
	}
	}
	}
	}
	return userNames;
	}
	}